Windows Analysis Report
payment_3493.pdf

Overview

General Information

Sample name: payment_3493.pdf
Analysis ID: 1579909
MD5: 3b8a483aac60a462b9a6d146a2186f5b
SHA1: 1fc50e7cd899fadf7f4e71c9e6ef9f728aa3433a
SHA256: 862166bb3039365a6240fb9a7d6057a19b0d71c86890ea967ac0b6683e635189
Infos:

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Clickable URLs found in PDF pointing to potentially malicious files
Downloads suspicious files via Chrome
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected suspicious crossdomain redirect
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)

Classification

  • System is w10x64
  • Acrobat.exe (PID: 6188 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\payment_3493.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 7080 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 4184 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2076 --field-trial-handle=1592,i,12156767145807301338,1356997387536762662,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • chrome.exe (PID: 7448 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://bitbucket.org/vchasno/load/downloads/%D0%95%D0%BB%D0%B5%D0%BA%D1%82%D1%80%D0%BE%D0%BD%D0%BD%D0%B8%D0%B9_%D0%BF%D0%BB%D0%B0%D1%82%D1%96%D0%B6%D0%BD%D0%B8%D0%B9_%D0%B4%D0%BE%D0%BA%D1%83%D0%BC%D0%B5%D0%BD%D1%82.zip" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • chrome.exe (PID: 7924 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=2024,i,7100417688120371546,15284684244205142337,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • unarchiver.exe (PID: 7572 cmdline: "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\???????????_?????????_????????.zip" MD5: 16FF3CC6CC330A08EED70CBC1D35F5D2)
      • 7za.exe (PID: 7420 cmdline: "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\5xa4rbm5.xja" "C:\Users\user\Downloads\???????????_?????????_????????.zip" MD5: 77E556CDFDC5C592F5C46DB4127C6F4C)
        • conhost.exe (PID: 7556 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • unarchiver.exe (PID: 7976 cmdline: "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\ _ _ .zip" MD5: 16FF3CC6CC330A08EED70CBC1D35F5D2)
    • 7za.exe (PID: 6984 cmdline: "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\i4oysygl.ccy" "C:\Users\user\Downloads\ _ _ .zip" MD5: 77E556CDFDC5C592F5C46DB4127C6F4C)
      • conhost.exe (PID: 612 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • unarchiver.exe (PID: 2784 cmdline: "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\ _ _ .zip" MD5: 16FF3CC6CC330A08EED70CBC1D35F5D2)
    • 7za.exe (PID: 5264 cmdline: "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\f03mjjhp.rbo" "C:\Users\user\Downloads\ _ _ .zip" MD5: 77E556CDFDC5C592F5C46DB4127C6F4C)
      • conhost.exe (PID: 4832 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

Source: C:\Windows\SysWOW64\unarchiver.exe File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll
Source: unknown HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.119.84:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49777 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49916 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:50001 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:50082 version: TLS 1.2
Source: C:\Program Files\Google\Chrome\Application\chrome.exeHTTP traffic: Redirect from: bitbucket.org to https://bbuseruploads.s3.amazonaws.com/ff9a4495-017e-4384-93b3-e2935568b751/downloads/8b125713-9bba-415c-9efb-667961c70fc5/%d0%95%d0%bb%d0%b5%d0%ba%d1%82%d1%80%d0%be%d0%bd%d0%bd%d0%b8%d0%b9_%d0%bf%d0%bb%d0%b0%d1%82%d1%96%d0%b6%d0%bd%d0%b8%d0%b9_%d0%b4%d0%be%d0%ba%d1%83%d0%bc%d0%b5%d0%bd%d1%82.zip?response-content-disposition=attachment%3b%20filename%3d%22%25d0%2595%25d0%25bb%25d0%25b5%25d0%25ba%25d1%2582%25d1%2580%25d0%25be%25d0%25bd%25d0%25bd%25d0%25b8%25d0%25b9_%25d0%25bf%25d0%25bb%25d0%25b0%25d1%2582%25d1%2596%25d0%25b6%25d0%25bd%25d0%25b8%25d0%25b9_%25d0%25b4%25d0%25be%25d0%25ba%25d1%2583%25d0%25bc%25d0%25b5%25d0%25bd%25d1%2582.zip%22&awsaccesskeyid=asia6kose3bnmakpa4tp&signature=b7nleos7swvhcwqmlzaswjwfdku%3d&x-amz-security-token=iqojb3jpz2lux2vjea4acxvzlwvhc3qtmsjhmeuciqd0f3og5mfpp%2frz3%2bbm673xxtvat7lqqicy8tgfngqsmgigciu3eyoa4najxbaa22stgtp7ielvfo37ku6ks7zvhycqsaii1%2f%2f%2f%2f%2f%2f%2f%2f%2f%2f%2faraaggw5odq1mjuxmdexndyidjpd9stvnxfn%2brjynyqeav6xejtkzaqnhwypwobaylobo41xovvm3uewx2onit61mj%2fx8htz6800tboyvbwfpu8qnnxsgzxutkxpgrset4r%2bsxq6wmyclpcdgvhv4jyinlxcmmakck7qcuj%2b13ddvgo3hnelp9zls41xj6tvfqfeh6yuyybenhgk%2bhmvm4b2%2bshmou%2bxpsjdxtxwgglk3vcrhlb%2fdbdq6xbncx31ntcvpehn%2bmsq%2fh81g4gpy%2f5f7fgwrwwwqrfjcc2v0djzlbjrc%2bzo3wu38elxago88p3701l9uoebtaqefv71wtvu1r8wnsunapj3z1r7v1hqxntwb9kf%2bhhkcmdv6wxkm2imeb1umnpypbsgop0bjg2m5hxamdyhv7ha%2fvaamsrxgkipad00gbkxxmkfzf8xgce7vlkamrksmai0bjjzkksd7z%2byvyq63ygc89yuqx5yj2spf2j3wv99i1l%2feci%2fmfwhefxo1a3ebkj4xu7yx8gjnakr5q5yad0wqskzlbmjyszzv%2fay9xzxxttq%2bunk9yr9dcolkatdx9ra%2fffdaaajjeiwdkvti0ne0q%3d%3d&expires=1734964059
Source: Joe Sandbox View IP Address: 239.255.255.250
Source: Joe Sandbox View IP Address: 185.166.143.48
Source: Joe Sandbox View JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: global trafficHTTP traffic detected: GET /vchasno/load/downloads/%D0%95%D0%BB%D0%B5%D0%BA%D1%82%D1%80%D0%BE%D0%BD%D0%BD%D0%B8%D0%B9_%D0%BF%D0%BB%D0%B0%D1%82%D1%96%D0%B6%D0%BD%D0%B8%D0%B9_%D0%B4%D0%BE%D0%BA%D1%83%D0%BC%D0%B5%D0%BD%D1%82.zip HTTP/1.1Host: bitbucket.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: x1.i.lencr.org
Source: global traffic DNS traffic detected: DNS query: bitbucket.org
Source: global traffic DNS traffic detected: DNS query: bbuseruploads.s3.amazonaws.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.dr String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: unarchiver.exe, 0000001C.00000002.4149481833.0000000000ED7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://go.microsp
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.dr String found in binary or memory: http://x1.i.lencr.org/
Source: payment_3493.pdf String found in binary or memory: https://bitbucket.org/vchasno/load/downloads/%D0%95%D0%BB%D0%B5%D0%BA%D1%82%D1%80%D0%BE%D0%BD%D0%BD%

System Summary

Source: payment_3493.pdf Initial sample: https://bitbucket.org/vchasno/load/downloads/%D0%95%D0%BB%D0%B5%D0%BA%D1%82%D1%80%D0%BE%D0%BD%D0%BD%D0%B8%D0%B9_%D0%BF%D0%BB%D0%B0%D1%82%D1%96%D0%B6%D0%BD%D0%B8%D0%B9_%D0%B4%D0%BE%D0%BA%D1%83%D0%BC%D0%B5%D0%BD%D1%82.zip
Source: payment_3493.pdf Initial sample: https://bitbucket.org/vchasno/load/downloads/%d0%95%d0%bb%d0%b5%d0%ba%d1%82%d1%80%d0%be%d0%bd%d0%bd%d0%b8%d0%b9_%d0%bf%d0%bb%d0%b0%d1%82%d1%96%d0%b6%d0%bd%d0%b8%d0%b9_%d0%b4%d0%be%d0%ba%d1%83%d0%bc%d0%b5%d0%bd%d1%82.zip
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File dump: C:\Users\user\Downloads\.;5:B@>==89_?;0BV6=89_4>:C<5=B.zip (copy)
Source: classification engine Classification label: mal48.winPDF@52/54@7/6
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
Source: C:\Windows\SysWOW64\unarchiver.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7556:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4832:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:612:120:WilError_03
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-12-23 09-08-59-225.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\payment_3493.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2076 --field-trial-handle=1592,i,12156767145807301338,1356997387536762662,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://bitbucket.org/vchasno/load/downloads/%D0%95%D0%BB%D0%B5%D0%BA%D1%82%D1%80%D0%BE%D0%BD%D0%BD%D0%B8%D0%B9_%D0%BF%D0%BB%D0%B0%D1%82%D1%96%D0%B6%D0%BD%D0%B8%D0%B9_%D0%B4%D0%BE%D0%BA%D1%83%D0%BC%D0%B5%D0%BD%D1%82.zip"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=2024,i,7100417688120371546,15284684244205142337,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Windows\SysWOW64\unarchiver.exe "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\???????????_?????????_????????.zip"
Source: C:\Windows\SysWOW64\unarchiver.exe Process created: C:\Windows\SysWOW64\7za.exe "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\5xa4rbm5.xja" "C:\Users\user\Downloads\???????????_?????????_????????.zip"
Source: C:\Windows\SysWOW64\7za.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown Process created: C:\Windows\SysWOW64\unarchiver.exe "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\ _ _ .zip"
Source: C:\Windows\SysWOW64\unarchiver.exe Process created: C:\Windows\SysWOW64\7za.exe "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\i4oysygl.ccy" "C:\Users\user\Downloads\ _ _ .zip"
Source: C:\Windows\SysWOW64\7za.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown Process created: C:\Windows\SysWOW64\unarchiver.exe "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\ _ _ .zip"
Source: C:\Windows\SysWOW64\unarchiver.exe Process created: C:\Windows\SysWOW64\7za.exe "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\f03mjjhp.rbo" "C:\Users\user\Downloads\ _ _ .zip"
Source: C:\Windows\SysWOW64\7za.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exeProcess created: C:\Windows\SysWOW64\7za.exe "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\5xa4rbm5.xja" "C:\Users\user\Downloads\???????????_?????????_????????.zip"Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exeProcess created: C:\Windows\SysWOW64\7za.exe "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\i4oysygl.ccy" "C:\Users\user\Downloads\ _ _ .zip"Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exeProcess created: C:\Windows\SysWOW64\7za.exe "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\f03mjjhp.rbo" "C:\Users\user\Downloads\ _ _ .zip"Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe, Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\unarchiver.exe, Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\unarchiver.exe, Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\unarchiver.exe, Section loaded: version.dll
Source: C:\Windows\SysWOW64\unarchiver.exe, Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\unarchiver.exe, Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\unarchiver.exe, Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\unarchiver.exe, Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\unarchiver.exe, Section loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\unarchiver.exe, Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\7za.exe, Section loaded: 7z.dll
Source: Window Recorder, Window detected: More than 3 window changes detected
Source: C:\Windows\SysWOW64\unarchiver.exe, File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
Source: C:\Windows\SysWOW64\unarchiver.exe, File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll
Source: payment_3493.pdf, Initial sample: PDF keyword /JS count = 0
Source: payment_3493.pdf, Initial sample: PDF keyword /JavaScript count = 0
Source: payment_3493.pdf, Initial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe, Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe, Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\unarchiver.exe, Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\unarchiver.exe, Memory allocated: 1050000 memory reserve | memory write watch
Source: C:\Windows\SysWOW64\unarchiver.exe, Memory allocated: 2CA0000 memory reserve | memory write watch
Source: C:\Windows\SysWOW64\unarchiver.exe, Memory allocated: 4CA0000 memory commit | memory reserve | memory write watch
Source: C:\Windows\SysWOW64\unarchiver.exe, Memory allocated: 1010000 memory reserve | memory write watch
Source: C:\Windows\SysWOW64\unarchiver.exe, Memory allocated: 2E90000 memory reserve | memory write watch
Source: C:\Windows\SysWOW64\unarchiver.exe, Memory allocated: 1010000 memory commit | memory reserve | memory write watch
Source: C:\Windows\SysWOW64\unarchiver.exe, Memory allocated: 1310000 memory reserve | memory write watch
Source: C:\Windows\SysWOW64\unarchiver.exe, Memory allocated: 2F30000 memory reserve | memory write watch
Source: C:\Windows\SysWOW64\unarchiver.exe, Memory allocated: 4F30000 memory commit | memory reserve | memory write watch
Source: C:\Windows\SysWOW64\unarchiver.exe, Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\unarchiver.exe, Window / User API: threadDelayed 657
Source: C:\Windows\SysWOW64\unarchiver.exe, Window / User API: threadDelayed 9315
Source: C:\Windows\SysWOW64\unarchiver.exe TID: 7392, Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\unarchiver.exe TID: 4176, Thread sleep count: 657 > 30
Source: C:\Windows\SysWOW64\unarchiver.exe TID: 4176, Thread sleep time: -328500s >= -30000s
Source: C:\Windows\SysWOW64\unarchiver.exe TID: 4176, Thread sleep count: 9315 > 30
Source: C:\Windows\SysWOW64\unarchiver.exe TID: 4176, Thread sleep time: -4657500s >= -30000s
Source: C:\Windows\SysWOW64\unarchiver.exe TID: 4016, Thread sleep count: 60 > 30
Source: C:\Windows\SysWOW64\unarchiver.exe TID: 4016, Thread sleep time: -30000s >= -30000s
Source: C:\Windows\SysWOW64\unarchiver.exe, Last function: Thread delayed
Source: C:\Windows\SysWOW64\unarchiver.exe, Code function: 14_2_00F8B1D6 GetSystemInfo,14_2_00F8B1D6
Source: C:\Windows\SysWOW64\unarchiver.exe, Memory allocated: page read and write | page guard
Source: C:\Windows\SysWOW64\unarchiver.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | 1 Spearphishing Link | Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 1 Masquerading | OS Credential Dumping | 31 Virtualization/Sandbox Evasion | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 1 Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 31 Virtualization/Sandbox Evasion | Security Account Manager | 3 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
[Behavior graph. ID: 1579909, Sample: payment_3493.pdf, Start date: 23/12/2024, Architecture: WINDOWS, Score: 48]

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| payment_3493.pdf | 3% | ReversingLabs | | |
No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| s3-w.us-east-1.amazonaws.com | 3.5.29.153 | true | false | | high |
| bitbucket.org | 185.166.143.48 | true | false | | high |
| www.google.com | 142.250.181.68 | true | false | | high |
| bbuseruploads.s3.amazonaws.com | unknown | unknown | false | | high |
| x1.i.lencr.org | unknown | unknown | false | | high |
            NameMaliciousAntivirus DetectionReputation
            https://bitbucket.org/vchasno/load/downloads/%D0%95%D0%BB%D0%B5%D0%BA%D1%82%D1%80%D0%BE%D0%BD%D0%BD%D0%B8%D0%B9_%D0%BF%D0%BB%D0%B0%D1%82%D1%96%D0%B6%D0%BD%D0%B8%D0%B9_%D0%B4%D0%BE%D0%BA%D1%83%D0%BC%D0%B5%D0%BD%D1%82.zipfalse
              high
              https://tse1.mm.bing.net/th?id=OADD2.10239370639329_16GDTY03HO5SY2UBG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90false
                high
                https://tse1.mm.bing.net/th?id=OADD2.10239402415510_1LQQ8WSBAXW97X0WT&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90false
                  high
                  https://tse1.mm.bing.net/th?id=OADD2.10239400773892_17T1CPYGPHYYUMXH6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90false
                    high
                    https://tse1.mm.bing.net/th?id=OADD2.10239400773891_1XKX8280IWZU58KM4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90false
                      high
                      https://tse1.mm.bing.net/th?id=OADD2.10239363862713_1RWXDD5HJIZYGFTRH&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90false
                        high
                        https://tse1.mm.bing.net/th?id=OADD2.10239402415504_17DDWI2WCHUD2N4TB&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90false
                          high
                          https://tse1.mm.bing.net/th?id=OADD2.10239402415503_1IET5OVL073FDA0RX&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90false
                            high
                            https://tse1.mm.bing.net/th?id=OADD2.10239370639702_1LY06F7YB2ZF9D3G5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90false
                              high
                              https://tse1.mm.bing.net/th?id=OADD2.10239402456886_16PSERWAUMTCB5AWR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90false
                                high
                                https://tse1.mm.bing.net/th?id=OADD2.10239370639330_1D80T5H13WVAODNQ8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90false
                                  high
                                  https://tse1.mm.bing.net/th?id=OADD2.10239363862712_1Y28E27W0AUV6JWOD&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90false
                                    high
                                    https://tse1.mm.bing.net/th?id=OADD2.10239370639703_1XZVEAKL3PD7EZGL4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90false
                                      high
                                      NameSourceMaliciousAntivirus DetectionReputation
                                      http://x1.i.lencr.org/2D85F72862B55C4EADD9E66E06947F3D0.2.drfalse
                                        high
                                        http://go.microspunarchiver.exe, 0000001C.00000002.4149481833.0000000000ED7000.00000004.00000020.00020000.00000000.sdmpfalse
                                          unknown
                                          https://bitbucket.org/vchasno/load/downloads/%D0%95%D0%BB%D0%B5%D0%BA%D1%82%D1%80%D0%BE%D0%BD%D0%BD%payment_3493.pdffalse
                                            high
                                            • No. of IPs < 25%
                                            • 25% < No. of IPs < 50%
                                            • 50% < No. of IPs < 75%
                                            • 75% < No. of IPs
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 3.5.29.153 | s3-w.us-east-1.amazonaws.com | United States | 14618 | AMAZON-AESUS | false |
| 239.255.255.250 | unknown | Reserved | unknown | unknown | false |
| 185.166.143.48 | bitbucket.org | Germany | 16509 | AMAZON-02US | false |
| 142.250.181.68 | www.google.com | United States | 15169 | GOOGLEUS | false |

IP
192.168.2.6
192.168.2.24
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1579909
Start date and time: 2024-12-23 15:08:00 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 11s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowspdfcookbook.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 31
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: payment_3493.pdf
Detection: MAL
Classification: mal48.winPDF@52/54@7/6
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 139
• Number of non-executed functions: 0
Cookbook Comments:
• Found application associated with file extension: .pdf
• Found PDF document
• Close Viewer
• Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
                                            • Excluded IPs from analysis (whitelisted): 23.218.208.137, 3.233.129.217, 52.6.155.20, 52.22.41.97, 3.219.243.226, 172.64.41.3, 162.159.61.3, 2.19.126.143, 2.19.126.149, 23.195.39.65, 192.229.221.95, 2.16.168.117, 2.16.168.102, 172.217.19.227, 142.250.181.142, 64.233.161.84, 142.250.181.138, 142.250.181.10, 172.217.19.234, 172.217.21.42, 142.250.181.74, 172.217.17.42, 172.217.19.170, 172.217.17.74, 142.250.181.42, 172.217.19.202, 142.250.181.106, 216.58.208.234, 172.217.17.35, 172.217.17.46, 2.16.158.82, 13.107.246.63, 23.218.208.109, 23.206.252.175, 4.245.163.56, 20.223.35.26, 2.16.158.33, 150.171.27.10, 2.16.158.96, 20.199.58.43
                                            • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, tse1.mm.bing.net, clientservices.googleapis.com, g.bing.com, a767.dspw65.akamai.net, arc.msn.com, acroipm2.adobe.com, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net, optimizationguide-pa.googleapis.com, www.bing.com, clients1.google.com, client.wns.windows.com, fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, edgedl.me.gvt1.com, armmf.adobe.com, clients.l.google.com, geo2.adobe.com
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: payment_3493.pdf

| Time | Type | Description |
|---|---|---|
| 09:09:11 | API Interceptor | 2x Sleep call for process: AcroCEF.exe modified |
| 09:11:06 | API Interceptor | 813598x Sleep call for process: unarchiver.exe modified |
                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                            239.255.255.2501lhZVZx5nD.exeGet hashmaliciousStealc, VidarBrowse
                                              https://email.equifaxbreachsettlement.com/c/eJwczbFugzAQANCvsccIzoaYwQMNWE1VEQoM2SxzPgRSCJS4pfn7qt2f9Lx2FDunOOn4KGQWZUopPmqCAb0Uie8hxR6VP6bocQBKMO4TJfikIQIZAwAIkFIdhB9SzAQJJdOk90cmI_r8mgb302_kcHxQCDea6R4OuMz8pscQ1gcTOQPDwOz7fpif60armzzSPdD25xiYjTzRzIQhXDwxUZzeTHN9iV5l137wTXdV-d5eKgXAZPR047L8B0GX5mrr5mKbvMtt3ZR1fi7sKW8KW5zbzrZlVfBvDb8BAAD__6sTT70Get hashmaliciousHtmlDropperBrowse
                                                https://mandrillapp.com/track/click/30903880/lamp.avocet.io?p=eyJzIjoiM2NCLS1TMlk4RWF3Nl9vVXV4SHlzRDZ5dmJJIiwidiI6MSwicCI6IntcInVcIjozMDkwMzg4MCxcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2xhbXAuYXZvY2V0LmlvXFxcL25ldy11c2VyXCIsXCJpZFwiOlwiMTMxMTQyZmQwMzMxNDA4MWE0YmQyOGYzZDRmYmViYzRcIixcInVybF9pZHNcIjpbXCI0OWFlZTViODJkYzk4NGYxNTg2ZGIzZTYzNGE5ZWUxMDgxYjVmMDY5XCJdfSJ9Get hashmaliciousUnknownBrowse
                                                  https://laimilano.powerappsportals.com/Get hashmaliciousUnknownBrowse
                                                    https://www.google.com.au/url?q=//www.google.co.nz/amp/s/synthchromal.ru/Vc51/Get hashmaliciousUnknownBrowse
                                                      https://r.g.bing.com/bam/ac?!&&daydream=vasectomy&u=a1aHR0cHM6Ly9jeWJlcm5leGlsbHVtby56YS5jb20vVFZOUHIv==Get hashmaliciousUnknownBrowse
                                                        https://a41c415c7bccad129d61b50d2032009e.aktive-senioren.biz/de/st/1?#bqcnl4tocgzq65tck3bvGet hashmaliciousUnknownBrowse
                                                          foQJ23jqNw.exeGet hashmaliciousCryptbotBrowse
                                                            dWGmbwk5xy.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                              jId3ER7NuY.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                                185.166.143.48http://bitbucket.org/aaa14/aaaa/downloads/dFkbkhk.txtGet hashmaliciousUnknownBrowse
                                                                • bitbucket.org/aaa14/aaaa/downloads/dFkbkhk.txt
                                                                No context
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                File Type:ASCII text
                                                                Category:dropped
                                                                Size (bytes):295
                                                                Entropy (8bit):5.206718987757681
                                                                Encrypted:false
                                                                SSDEEP:6:F0L+q2PN72nKuAl9OmbnIFUt8CzG1KWZmw+CzGjLVkwON72nKuAl9OmbjLJ:F0L+vVaHAahFUt8CzGAW/+CzGjLV5OaC
                                                                MD5:225DFE7C29D11F9215EE1A9B49CCD8EF
                                                                SHA1:FCC79BB566E019715C3B645945EED5311C391EA7
                                                                SHA-256:20BED4776B046FC7608BB4D5FB35EEF3BF0AC44299B8C0874C938144D43A005D
                                                                SHA-512:471DC5A63F1F315B68A63498FF91EF7729CF466DC15F9FCC24326C8791C33CE129C4F505E04649BA0F14125B006D84004FB1E00C214D6DA06EF17F7D4541BAD2
                                                                Malicious:false
                                                                Preview:2024/12/23-09:08:57.037 53c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/12/23-09:08:57.039 53c Recovering log #3.2024/12/23-09:08:57.039 53c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                File Type:ASCII text
                                                                Category:dropped
                                                                Size (bytes):342
                                                                Entropy (8bit):5.21625172838363
                                                                Encrypted:false
                                                                SSDEEP:6:FT3+q2PN72nKuAl9Ombzo2jMGIFUt8CgZZmw+C1VkwON72nKuAl9Ombzo2jMmLJ:FT3+vVaHAa8uFUt8CM/+C1V5OaHAa8RJ
                                                                MD5:45E81AFAD960214E8D21644AEF21D537
                                                                SHA1:B1D05F11E76CA7D78670913C6CCDA7D7288CAA2E
                                                                SHA-256:A3FCA0623245AF0622233C04537F777DD2FE6A321F6BEA4A82A75A727C55A411
                                                                SHA-512:FD4773522A2133D6241CF512990AD87A15E980E007D5EE5B35A06927311D418B0514126436216C9BDB01640B780E96E9E76A16464EDCEE65BF9E4D7BD00945D2
                                                                Malicious:false
                                                                Preview:2024/12/23-09:08:57.144 149c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/12/23-09:08:57.145 149c Recovering log #3.2024/12/23-09:08:57.146 149c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                File Type:JSON data
                                                                Category:dropped
                                                                Size (bytes):475
                                                                Entropy (8bit):4.971824627296864
                                                                Encrypted:false
                                                                SSDEEP:12:YH/um3RA8sq1ZhsBdOg2HIJnAcaq3QYiubcP7E4TX:Y2sRdswydMH0r3QYhbA7n7
                                                                MD5:F326539D084B03D88254A74D6018F692
                                                                SHA1:395B367E0E3554C3E78A8211F2D4B9F0F427CA87
                                                                SHA-256:9379694CADD7846403E1B6975502326FBC619E0E3A873BBB7BC2C03EE3623007
                                                                SHA-512:C8B5B1DD28605D3FCD9EF4A28BE1125137E6B3CB967F59CB2113656C8EFFFB3842115962DF8B25E9C3FA504F5E1B0A116D780326B1AB8062DC6AC0D80E7C3539
                                                                Malicious:false
                                                                Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341048370594526","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":151499},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                File Type:JSON data
                                                                Category:modified
                                                                Size (bytes):475
                                                                Entropy (8bit):4.965183891754543
                                                                Encrypted:false
                                                                SSDEEP:12:YH/um3RA8sqRxsBdOg2HDpgcaq3QYiubcP7E4TX:Y2sRdswidMHDp3QYhbA7n7
                                                                MD5:FB9C0A016B752ECD3EB2C13F2E7A17BF
                                                                SHA1:4AC7872D5B68052391652E22B89A7075BE31C9F5
                                                                SHA-256:CC1163C965B015E5D2D76EE1268AE7DD68F37AF1A1684381FEFF9E4776DF6D74
                                                                SHA-512:A4461458A8B420E65D17861C4300BA33ED38B3AE4BF51F926E25548F56F8FEB282585B8047DA18D378A0447F6DCEBFB4FB96C680CD5F979D428F310BA3489398
                                                                Malicious:false
                                                                Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13379522949469552","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":627461},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):5859
                                                                Entropy (8bit):5.250164105841975
                                                                Encrypted:false
                                                                SSDEEP:96:av+Nkkl+2GAouz3z3xfNLUS3vHp5OuDzUrMzh28qXAXFP74LRXOtW7ANwE7OTKIp:av+Nkkl+2G1uz3zhfZUyPp5OuDzUwzhi
                                                                MD5:81D6132AA521C2E6BC33DF772EE491B4
                                                                SHA1:797DABDDAFF7F3FA0B76D7C9BFE74F2486870C61
                                                                SHA-256:52A7A31BB46E0872E1692E51D50F451A569C2C2F92F94F51AB1380030DA022FE
                                                                SHA-512:6BEA0D454059D7ECB9FDFD1999219A04EE117690DB0B16134B3588D5F34B5E30A07A241614459637DFA8F431D334475BAB59F3B6C2D7A2752290301B26ADF117
                                                                Malicious:false
                                                                Preview:*...#................version.1..namespace-.X.Bo................next-map-id.1.Pnamespace-c291b69d_46f8_4b09_b54e_d05df8a1271d-https://rna-resource.acrobat.com/.0.>j.r................next-map-id.2.Snamespace-63b958a8_6f71_4fde_913c_6518794b9fd1-https://rna-v2-resource.acrobat.com/.1.J.4r................next-map-id.3.Snamespace-37e4c694_2a8d_4b31_9eb8_e65c5f9e16d5-https://rna-v2-resource.acrobat.com/.2..J.o................next-map-id.4.Pnamespace-d7426d52_3038_4cd9_b9cc_897232425509-https://rna-resource.acrobat.com/.3..M.^...............Pnamespace-c291b69d_46f8_4b09_b54e_d05df8a1271d-https://rna-resource.acrobat.com/..d.^...............Pnamespace-d7426d52_3038_4cd9_b9cc_897232425509-https://rna-resource.acrobat.com/.u..a...............Snamespace-63b958a8_6f71_4fde_913c_6518794b9fd1-https://rna-v2-resource.acrobat.com/..`aa...............Snamespace-37e4c694_2a8d_4b31_9eb8_e65c5f9e16d5-https://rna-v2-resource.acrobat.com/`v.Yo................next-map-id.5.Pnamespace-30587558_ed88_4bd8_adc0_
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                File Type:ASCII text
                                                                Category:dropped
                                                                Size (bytes):330
                                                                Entropy (8bit):5.223316121963081
                                                                Encrypted:false
                                                                SSDEEP:6:FRQFQN+q2PN72nKuAl9OmbzNMxIFUt8CRWXZmw+CRSFI1NVkwON72nKuAl9OmbzE:Fi8+vVaHAa8jFUt8CoX/+C0enV5OaHAo
                                                                MD5:F1A9F8453EFFA45CC229FA0FB48C9EAB
                                                                SHA1:4DF394148807335CDE9E2BDF58E5CDCA735740D8
                                                                SHA-256:85F960800294AD38BE73A42958F3B54B4831690BCF0B088F5B20908C490922AD
                                                                SHA-512:A5175DE0A201AC38B2527D1ABF6593AA497BB7A6858371044B6BC1C490EC47C9779E6094EDC9C92CCB0A34B102E2227B31C95CC9B60326C39D2CD758CAB9B53F
                                                                Malicious:false
                                                                Preview:2024/12/23-09:08:57.335 149c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/12/23-09:08:57.336 149c Recovering log #3.2024/12/23-09:08:57.337 149c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
                                                                Category:dropped
                                                                Size (bytes):65110
                                                                Entropy (8bit):1.0388829673346764
                                                                Encrypted:false
                                                                SSDEEP:192:VynApqeV/ZLRVKy+Slzv52T3OW7NXVI65HBRg93:0ApqeVRXKy+S6TfNX265H3g93
                                                                MD5:56C711D22ADFA0B58926C3D8E5C34021
                                                                SHA1:B03247E20144B8DB358B5BCFA51D3A7B7E811E22
                                                                SHA-256:4AAC28C5B118D5E855AD7C3C45FB298A8A237D999160CF0B8338182C028B3DD7
                                                                SHA-512:7FC74D184D5087498C01532503738C34EBDBC46A6FF6F583CB51566E2D432D0CBF140687C750309329B6903784D788172EFB2AAB899C5EBEF2FFAEBC5B6A85C5
                                                                Malicious:false
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 11, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 11
                                                                Category:dropped
                                                                Size (bytes):86016
                                                                Entropy (8bit):4.444695625536375
                                                                Encrypted:false
                                                                SSDEEP:384:ye6ci5tCiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:mNs3OazzU89UTTgUL
                                                                MD5:849A00C287AEB38E78E3A34E7E0E27C0
                                                                SHA1:DC52E6E05E079A0ABB642C9BEC58C9F36C811821
                                                                SHA-256:59366BDF8780D208DDDAFB16F52F0EB6524553B0C1DCF049E283AFAFB2245B61
                                                                SHA-512:A93261A3BCF87B9277CF907417E6E81C9ADCBC88627AC06EEDC5207C8201C856D8FD4D4AE0FA796F4F702A0910A15B307C62A2E97E4089CE3908A86D9B0F5DCA
                                                                Malicious:false
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:SQLite Rollback Journal
                                                                Category:dropped
                                                                Size (bytes):8720
                                                                Entropy (8bit):3.769512733535976
                                                                Encrypted:false
                                                                SSDEEP:48:7MmFJioyVjV4ioyqVt8oy1C7oy16oy1oVRKOioy1noy1AYoy1Wioy1oioykioyBA:7JFJup4ltBHDXjBi3b9IVXEBodRBko
                                                                MD5:0B7BC05E7E51EEE04435F68A32E22CBE
                                                                SHA1:42718B6F91772745F3430F013591EDF1A4B05316
                                                                SHA-256:652F4AC48BE468FBE9B5CAC12775453DBC601406152FB2835BB27E294B006A43
                                                                SHA-512:E4B18F0D5192A16574B09F95993995DD54BF9B0928680934012CEA6E0D25A69D2B5E2E81F3A02CD1552C3EDB11BB477C32C492542B37E935B034227D557774FE
                                                                Malicious:false
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                File Type:Certificate, Version=3
                                                                Category:dropped
                                                                Size (bytes):1391
                                                                Entropy (8bit):7.705940075877404
                                                                Encrypted:false
                                                                SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                                                                MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                                                                SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                                                                SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                                                                SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                                                                Malicious:false
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                                Category:dropped
                                                                Size (bytes):71954
                                                                Entropy (8bit):7.996617769952133
                                                                Encrypted:true
                                                                SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                                                MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                                                SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                                                SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                                                SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                                                Malicious:false
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):192
                                                                Entropy (8bit):2.7234941003697
                                                                Encrypted:false
                                                                SSDEEP:3:kkFklvlhhLkfllXlE/HT8kZ1NNX8RolJuRdxLlGB9lQRYwpDdt:kK8L9T8u7NMa8RdWBwRd
                                                                MD5:0D10A5CDA8E168F1EF775C605805DD88
                                                                SHA1:61DD1327AB20B220E9075905F48EC18928C8A4E6
                                                                SHA-256:9FE0556E0EB995E4F818ED4DDF3B207C13D4AA7570B21F153A7862BDFF05FF80
                                                                SHA-512:6D37D4CE8B40F6233A54246B9BF1B45293706CA20D2BA072D6444BE8DEE8538ADC19CAC8EC7A899D10C863A239D4D1C07F26B66364D1DACBC38C01102E085EC8
                                                                Malicious:false
                                                                Preview:p...... ...........=DU..(....................................................... ..........W....9...............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                File Type:data
                                                                Category:modified
                                                                Size (bytes):328
                                                                Entropy (8bit):3.150184159866505
                                                                Encrypted:false
                                                                SSDEEP:6:kKnc9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:f/DnLNkPlE99SNxAhUe/3
                                                                MD5:5EFEE83A87E711A7A755895361966658
                                                                SHA1:C33AF2A976C39F941958DD673C99C99AB6784592
                                                                SHA-256:76BD3FA18065AFE182DE10B49FDE42001D8FCC18162304C371A583B6BDA4104C
                                                                SHA-512:6D810C61D752511C7366A5D512D57BEF4513541E1E85A32AAA672E95693D4640E57611D29D09C40158608A8E6F260BA8ED77A5332E1AF325176DDB486647571F
                                                                Malicious:false
                                                                Preview:p...... .........,.PDU..(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:JSON data
                                                                Category:dropped
                                                                Size (bytes):295
                                                                Entropy (8bit):5.366150954530171
                                                                Encrypted:false
                                                                SSDEEP:6:YEQXJ2HXqV1M5pxUnZiQ0YxWxoAvJM3g98kUwPeUkwRe9:YvXKXqV1Qec5OGMbLUkee9
                                                                MD5:F6D215F34FD8A0C705F47D95DA964753
                                                                SHA1:9090F65E1F2ACE72679FE1C0183FC3E844139C65
                                                                SHA-256:E5FBB31348D14F6E6C4FDBBDB1E26FEF74EB849E65ED21477C361E7F55CCB54E
                                                                SHA-512:A27CC680883407A86B8A3A20F66A29DAA6E350F9ACEF384B34E5B6981498E745468D5A32C6578C5BB0CBA0F14C83F6FE389E7E3B504709443D619ED6C22E3CB0
                                                                Malicious:false
                                                                Preview:{"analyticsData":{"responseGUID":"be3fb70e-67ff-457a-bc27-6d4e9cf96910","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1735137186698,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:JSON data
                                                                Category:dropped
                                                                Size (bytes):294
                                                                Entropy (8bit):5.315496563197679
                                                                Encrypted:false
                                                                SSDEEP:6:YEQXJ2HXqV1M5pxUnZiQ0YxWxoAvJfBoTfXpnrPeUkwRe9:YvXKXqV1Qec5OGWTfXcUkee9
                                                                MD5:279266CADA408A1F0932045B965A7DB4
                                                                SHA1:2A2753E57E5E2FD9B349897B8AF4BAA0718A0241
                                                                SHA-256:754608FB83F52461373894D20B260B08DE27D67FB67AF03FA7DE4E62413835CB
                                                                SHA-512:037355843F669F8243CD509ABBB84D53B45F4A59E83D8D9A2F13B31B10C19D3C054B335B625EBEC095B3DD284DD91819FF8014E9847B83204D5787008E8CAE67
                                                                Malicious:false
                                                                Preview:{"analyticsData":{"responseGUID":"be3fb70e-67ff-457a-bc27-6d4e9cf96910","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1735137186698,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:JSON data
                                                                Category:dropped
                                                                Size (bytes):294
                                                                Entropy (8bit):5.294317638243278
                                                                Encrypted:false
                                                                SSDEEP:6:YEQXJ2HXqV1M5pxUnZiQ0YxWxoAvJfBD2G6UpnrPeUkwRe9:YvXKXqV1Qec5OGR22cUkee9
                                                                MD5:0BA41A51E1D99371415C651CE68F407E
                                                                SHA1:EF0E5348293BA16DDBEBC54A70DAFE600688FE51
                                                                SHA-256:08254D18EC3F5029D7801A491A0286263DBE8FC7535344076D7BD6F887A4A57C
                                                                SHA-512:64187D64EC3945E804FA79D4E518087342CD134805CE256334E3E4BCAB658C6DFB6A1D10CE1FB335158AA14073EF78EC28C1660DC3345ACEBBB24747D3938793
                                                                Malicious:false
                                                                Preview:{"analyticsData":{"responseGUID":"be3fb70e-67ff-457a-bc27-6d4e9cf96910","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1735137186698,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:JSON data
                                                                Category:dropped
                                                                Size (bytes):285
                                                                Entropy (8bit):5.34627133960509
                                                                Encrypted:false
                                                                SSDEEP:6:YEQXJ2HXqV1M5pxUnZiQ0YxWxoAvJfPmwrPeUkwRe9:YvXKXqV1Qec5OGH56Ukee9
                                                                MD5:737BDB1850A75691BD3DB59FFCC64B41
                                                                SHA1:CEA950A6670751F939B2BCC6CD25467C3B743552
                                                                SHA-256:B47590EC6A6817D87C0CB1C82D98114780C33677146D0DC9BC7AC076089C4FCC
                                                                SHA-512:41DA9F3289EE7FD2907F4A430F58CD2FF70C792E84F65D5DCEF12017558532D1B3ABFD2EAB8AFE53BC1DF562A69BF41D724240B76294F4A00ACCC953B62A18DF
                                                                Malicious:false
                                                                Preview:{"analyticsData":{"responseGUID":"be3fb70e-67ff-457a-bc27-6d4e9cf96910","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1735137186698,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:JSON data
                                                                Category:dropped
                                                                Size (bytes):1123
                                                                Entropy (8bit):5.688755196247676
                                                                Encrypted:false
                                                                SSDEEP:24:Yv6XqVcBpLgE9cQx8LennAvzBvkn0RCmK8czOCCSV:YvVVMhgy6SAFv5Ah8cv/V
                                                                MD5:20D69B366DAE1DD96C7396F660861FBE
                                                                SHA1:B53B6692085148747F63A80E5E3A7928BA742BDA
                                                                SHA-256:048902D362D8DB681F7D451C8382E5426C69663B0C8E023F4A94C65A9D06A72F
                                                                SHA-512:1BE1D5C243C1CCA9566588A3BDF96A9F9A1987B54E9A7D4EEB02E14DDE77CEBB3F4A5EA6A1C6831054409BC2897F05079431D4B8DB8EEB4DCE658016EFBD9499
                                                                Malicious:false
                                                                Preview:{"analyticsData":{"responseGUID":"be3fb70e-67ff-457a-bc27-6d4e9cf96910","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1735137186698,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:JSON data
                                                                Category:dropped
                                                                Size (bytes):289
                                                                Entropy (8bit):5.296196116648771
                                                                Encrypted:false
                                                                SSDEEP:6:YEQXJ2HXqV1M5pxUnZiQ0YxWxoAvJf8dPeUkwRe9:YvXKXqV1Qec5OGU8Ukee9
                                                                MD5:3FA4CB648A58ECBF8E38EE3A0A92DA5A
                                                                SHA1:AC32B9FEAF79F7C03B6390931AE321F69492BA15
                                                                SHA-256:0316A734494B95BCFB5A8FFE7011B2E0AB16053728ADB1A085F783C6BA44EE64
                                                                SHA-512:7429500EED8C4186946F8B018F3210EFC45403CFF0341DF0E33761847FF758BC6944A22E39080754B6C3A59F9DE745CEA7EBB2D431AB27CC3F78DB698A877B71
                                                                Malicious:false
                                                                Preview:{"analyticsData":{"responseGUID":"be3fb70e-67ff-457a-bc27-6d4e9cf96910","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1735137186698,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:JSON data
                                                                Category:dropped
                                                                Size (bytes):292
                                                                Entropy (8bit):5.29830382567485
                                                                Encrypted:false
                                                                SSDEEP:6:YEQXJ2HXqV1M5pxUnZiQ0YxWxoAvJfQ1rPeUkwRe9:YvXKXqV1Qec5OGY16Ukee9
                                                                MD5:78DCCF9917157C707099823A49193D0B
                                                                SHA1:10B9F0C109363819503431CC807FAFF3AF07443B
                                                                SHA-256:F6A40034E311CD981F44707F0507B83A7D096F35543A94D2A393DCF805DD9AE0
                                                                SHA-512:97409BAF333029A181E9821549B7FBE5EC7BF5226B40800B5F2FC744E72BCFCD8ADDA9A41049E268689D2BCF36CAC8ED64F9C8A1B19771E2CF84BAEC368C79AB
                                                                Malicious:false
                                                                Preview:{"analyticsData":{"responseGUID":"be3fb70e-67ff-457a-bc27-6d4e9cf96910","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1735137186698,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:JSON data
                                                                Category:dropped
                                                                Size (bytes):289
                                                                Entropy (8bit):5.307685825085937
                                                                Encrypted:false
                                                                SSDEEP:6:YEQXJ2HXqV1M5pxUnZiQ0YxWxoAvJfFldPeUkwRe9:YvXKXqV1Qec5OGz8Ukee9
                                                                MD5:86366E0142A66EBC67E755B38E926E95
                                                                SHA1:759E268B3806BF48DA02278B095E939F9D9DCC97
                                                                SHA-256:14D26E7931C5DB6466D434BEBE35B7DE4D331BFF16A3C0991D30AAF60463C4F5
                                                                SHA-512:E5CABFE188D0D9BDC314039EC8BA394D08FDAF8CC6CF1F33C536BFDEF259ECE072BD41B86345FC23B83A9781D62F432F7EB383D5360B5F6A9C800E5F044EC578
                                                                Malicious:false
                                                                Preview:{"analyticsData":{"responseGUID":"be3fb70e-67ff-457a-bc27-6d4e9cf96910","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1735137186698,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:JSON data
                                                                Category:dropped
                                                                Size (bytes):295
                                                                Entropy (8bit):5.322966058837098
                                                                Encrypted:false
                                                                SSDEEP:6:YEQXJ2HXqV1M5pxUnZiQ0YxWxoAvJfzdPeUkwRe9:YvXKXqV1Qec5OGb8Ukee9
                                                                MD5:AB3B0B723DFCD8613487ED51C5DAF9D4
                                                                SHA1:79651735FCFFBDC3E2BB2F6DA71A93BAA2B59887
                                                                SHA-256:463AB956053362A942AB890D61DF7D2A76A065E970663C1A4A2AD4A14174DCEE
                                                                SHA-512:168C03B93ED3D13EF123DB852DE161445D5F69D0749F835239A00532E22580551E912631FA2FEC41D9184DA71F5EB31788B9ED6FDF33023D851CAD60E82580E3
                                                                Malicious:false
                                                                Preview:{"analyticsData":{"responseGUID":"be3fb70e-67ff-457a-bc27-6d4e9cf96910","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1735137186698,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:JSON data
                                                                Category:dropped
                                                                Size (bytes):289
                                                                Entropy (8bit):5.3033907746352185
                                                                Encrypted:false
                                                                SSDEEP:6:YEQXJ2HXqV1M5pxUnZiQ0YxWxoAvJfYdPeUkwRe9:YvXKXqV1Qec5OGg8Ukee9
                                                                MD5:E1BB8AB51EF0B86E1B912CBC5EDAA57A
                                                                SHA1:ABF463844E5CDB98E0FA569EC40BEC2943397505
                                                                SHA-256:94238FDB458FA1B77E5319A6BF309A981A709EC0C995600342C99CCC62404E2D
                                                                SHA-512:9186C182E68B88B11DB0B311F57406C9F4398CB0F9317820D5D2C4D1D0CCC8F6B577E6B1FB0700FC919FE01A5129A1FF7ABC1E060AA62F67F2D91C2D2B0CEABA
                                                                Malicious:false
                                                                Preview:{"analyticsData":{"responseGUID":"be3fb70e-67ff-457a-bc27-6d4e9cf96910","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1735137186698,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:JSON data
                                                                Category:dropped
                                                                Size (bytes):284
                                                                Entropy (8bit):5.290082197815087
                                                                Encrypted:false
                                                                SSDEEP:6:YEQXJ2HXqV1M5pxUnZiQ0YxWxoAvJf+dPeUkwRe9:YvXKXqV1Qec5OG28Ukee9
                                                                MD5:9738AD7281DFF616BDE0759CD32869A1
                                                                SHA1:0F7AC0807DAAC94393452B1488B47B0FD92CAEA2
                                                                SHA-256:D7A3B7DE2156E87157C35730F02FF5288BE2D36E4A7322AA24AAB53D6C694BAF
                                                                SHA-512:08738DE47C11EDF8A0CFD5E66EC2CA7E5E67956E8DCF4CA6AF09B3ACC6602ECEAC72DC4F867D2A5E7EA2C81E4CF13F82412DD0BB49DDB88B1A7CD4F2D0E4F23A
                                                                Malicious:false
                                                                Preview:{"analyticsData":{"responseGUID":"be3fb70e-67ff-457a-bc27-6d4e9cf96910","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1735137186698,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:JSON data
                                                                Category:dropped
                                                                Size (bytes):291
                                                                Entropy (8bit):5.286914568016056
                                                                Encrypted:false
                                                                SSDEEP:6:YEQXJ2HXqV1M5pxUnZiQ0YxWxoAvJfbPtdPeUkwRe9:YvXKXqV1Qec5OGDV8Ukee9
                                                                MD5:FE1672F05E10860B0B88D4127EDF2649
                                                                SHA1:8771795DCF9728802EC137C810B165CDDFFBC900
                                                                SHA-256:B6F2DB2F7911855ACF5F65D6DC0FAB19FD8E6ED19B33B202ADD6CC374954DDB1
                                                                SHA-512:630CB55243513211B57D59DE320AA8C80ECCCA7EF719CD413D050A7342BA330153220C2949240EF9C120759C94E2AC2D9FDB519C05DBC5E1F78C826414B0C35A
                                                                Malicious:false
                                                                Preview:{"analyticsData":{"responseGUID":"be3fb70e-67ff-457a-bc27-6d4e9cf96910","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1735137186698,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:JSON data
                                                                Category:dropped
                                                                Size (bytes):287
                                                                Entropy (8bit):5.290028441103099
                                                                Encrypted:false
                                                                SSDEEP:6:YEQXJ2HXqV1M5pxUnZiQ0YxWxoAvJf21rPeUkwRe9:YvXKXqV1Qec5OG+16Ukee9
                                                                MD5:032D593A4626F3EA7D275B0B9113C316
                                                                SHA1:951149DA585978C1E631833CD1605EA52957722B
                                                                SHA-256:A20FF0FB9507030C06185C90D5E3A39D5AACA90FAE2BD84B9DE91CB1E9459571
                                                                SHA-512:10C76A11084881776FFD24BCF500A79F44C8B7475BC27979E33FBE5E718E4A347D4F1B250DE0ABF78793057FB89298986B018414F19EC6A2A24AACD51092BF67
                                                                Malicious:false
                                                                Preview:{"analyticsData":{"responseGUID":"be3fb70e-67ff-457a-bc27-6d4e9cf96910","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1735137186698,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:JSON data
                                                                Category:dropped
                                                                Size (bytes):1090
                                                                Entropy (8bit):5.664950018501152
                                                                Encrypted:false
                                                                SSDEEP:24:Yv6XqVcBamXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BSbn:YvVV+BgkDMUJUAh8cvMb
                                                                MD5:64DE308816A761A483BF6007B7857AFC
                                                                SHA1:F7CCE06A8AA386C892A1564FCAC9F0A4B23AC3F6
                                                                SHA-256:F31D7AD6CBBFA5170A9B5DDC01C4848B62BC833CE4990B2F8A0C7C1273B0FA82
                                                                SHA-512:61474DD0ED157057FF604681B2757E0376190B41E0E4F88C635AD0E81F97905AEFA525A5CFE02BD9B4EE805E45084E2F7E186C0F3BC3493A66CA757590C1599E
                                                                Malicious:false
                                                                Preview:{"analyticsData":{"responseGUID":"be3fb70e-67ff-457a-bc27-6d4e9cf96910","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1735137186698,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:JSON data
                                                                Category:dropped
                                                                Size (bytes):286
                                                                Entropy (8bit):5.268562340101076
                                                                Encrypted:false
                                                                SSDEEP:6:YEQXJ2HXqV1M5pxUnZiQ0YxWxoAvJfshHHrPeUkwRe9:YvXKXqV1Qec5OGUUUkee9
                                                                MD5:D42D35F8F819492CB9EF852FDE39CE0B
                                                                SHA1:10F1EA0A8E431F65CAC56E1C8D9C776B411EB246
                                                                SHA-256:FA8E89844022AAF1BA37B4CC34B29FBA488EBB456FF63CF0B810A6DFB11D8861
                                                                SHA-512:0099D3003F1C5FBDB9ED7B4AB0003110598750356C264F715F55052EB580D7AD8284655A7ECE1A44F0DE58457525E84DCFE8DF6F920E3072EC8554CC86AA20DF
                                                                Malicious:false
                                                                Preview:{"analyticsData":{"responseGUID":"be3fb70e-67ff-457a-bc27-6d4e9cf96910","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1735137186698,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:JSON data
                                                                Category:dropped
                                                                Size (bytes):282
                                                                Entropy (8bit):5.27987668339171
                                                                Encrypted:false
                                                                SSDEEP:6:YEQXJ2HXqV1M5pxUnZiQ0YxWxoAvJTqgFCrPeUkwRe9:YvXKXqV1Qec5OGTq16Ukee9
                                                                MD5:5FEA3D36CA72013841980B3FB14DD847
                                                                SHA1:708414A04AC7E3FAFEF46CCC35712FB382053D00
                                                                SHA-256:2602B340E04C78BD4AFACC74E2AF0CDF8AD19490ED07687A6A2DDAD4F4545C27
                                                                SHA-512:241ED80771F76EC9CF0E668D53E811BF286F3357160951DDA52CF4ABBBC3703A7581440B882F811B6C97FD3ACDD1845FCDA7B4D878D34A2A0F200F93617D89D9
                                                                Malicious:false
                                                                Preview:{"analyticsData":{"responseGUID":"be3fb70e-67ff-457a-bc27-6d4e9cf96910","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1735137186698,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):4
                                                                Entropy (8bit):0.8112781244591328
                                                                Encrypted:false
                                                                SSDEEP:3:e:e
                                                                MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                                                SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                                                SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                                                SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                                                Malicious:false
                                                                Preview:....
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:JSON data
                                                                Category:dropped
                                                                Size (bytes):2814
                                                                Entropy (8bit):5.141985882228248
                                                                Encrypted:false
                                                                SSDEEP:24:Y1HaapQB3ayvgnXHvT2dYvpNjfjsj0STvb2m92LS9CpUiP3H6ZI555R9vuJOG:Yh2oXHWMfj+b77OUiPaCZR9C
                                                                MD5:A07F0D42654EFF27B0F9D1C63B956526
                                                                SHA1:A885CAEC34997BD8E9F642BA7782DB2276D333A1
                                                                SHA-256:22D229ABB3ED33E83D40A9BF9538BC8AD5BFF58B76E157BE0ACE9FB6FC5F1C7D
                                                                SHA-512:54604F8459E52B3E431800EA8E69A8B4341033E3D562D2C303CC0BB60CE85838C191B44B136E2BAF01CFE91307A9E490AD7B6F43661A98DA332B229ECC227590
                                                                Malicious:false
                                                                Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"e711ec96d81484079b77de709469cd5c","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1734962945000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"71eb40a3cfc33d6355ce11588d19be15","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1734962945000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"bb92a6d45a15ed82472e12c5000d008d","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1734962945000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"38b3e9351e076fa2f361c11af2cc9da6","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1734962945000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"4af589e38f0e0eb73fca88fd30c804b0","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1734962945000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"fdff8dd7181e2212766f35d70fef3bc2","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 24, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 24
                                                                Category:dropped
                                                                Size (bytes):12288
                                                                Entropy (8bit):1.144518192472927
                                                                Encrypted:false
                                                                SSDEEP:24:TLhx/XYKQvGJF7urslJmRZXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudW:TFl2GL7msj4Xc+XcGNFlRYIX2v3k++
                                                                MD5:C953C484AA250F1BD56BDCDB4B01683F
                                                                SHA1:93B0DFD589E70D086AA8D079C3D1684646970244
                                                                SHA-256:FCD404D7E15505385BECBF5DC62592FD46E188D1AA256A64180927B35BA4BB75
                                                                SHA-512:DD7B724282467CEFFC394C78BF9B10C8988D4658DFF6A2D2D2C398C083D39FC99EB82EFF35E8D2BA671FF3D46321789F46C886577D1A74FA7AEE063F274CA954
                                                                Malicious:false
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:SQLite Rollback Journal
                                                                Category:dropped
                                                                Size (bytes):8720
                                                                Entropy (8bit):1.5487681351182874
                                                                Encrypted:false
                                                                SSDEEP:24:7+twYJmUXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudcHRuLuxfRqLxx/8:7MNPXc+XcGNFlRYIX2v4qVl2GL7ms6
                                                                MD5:998D016D22CAFBAD0468B9A0448279C7
                                                                SHA1:1D16704FCC3ED8738FA522690ED8F6E5DA9139F2
                                                                SHA-256:0E07E1241D8BD4646314F941993FD70F47249D4FBD166187E6C8A3F8D0588B3F
                                                                SHA-512:667542C037EB0853E12365EC5663E7B0A25F26CF202DEA3CC230040EC69A402583C130D466873175F7C7A5141DE39DAABEA239C424AADD7229400C6F77F9CA5B
                                                                Malicious:false
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):66726
                                                                Entropy (8bit):5.392739213842091
                                                                Encrypted:false
                                                                SSDEEP:768:RNOpblrU6TBH44ADKZEgookjWEEk6XYqDpe29vMz533IYSNpYyu:6a6TZ44ADEooOye2909HIYSTK
                                                                MD5:0C6B5809ED6E443CAE21C19767DD98F5
                                                                SHA1:12B3604C0A3A057AE9DF30F04D5324B1EA165589
                                                                SHA-256:08C588DFB497BD3A3914E2D9A1D92DDC6362C4D5CC803C5E453547AB770A6814
                                                                SHA-512:57DCF39E877FD0652DE8154A4816B92F84ED587844AEBC8677D476EE58C3AF0891906CD1C9460ABAAFB61CFC873C1851EC4533038784FC744DD90F3BA4DA3175
                                                                Malicious:false
                                                                Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2
                                                                Process:C:\Windows\SysWOW64\7za.exe
                                                                File Type:Unicode text, UTF-8 text, with no line terminators
                                                                Category:dropped
                                                                Size (bytes):156
                                                                Entropy (8bit):3.9510533117572035
                                                                Encrypted:false
                                                                SSDEEP:3:SU1Zg5QSSJ1Z1f0ZkkQV1Qz1V0xG1E0zF1YtRbV0vl1t0n1V1Y1x1e+Y1nuVVt0Y:nSQSSJ1ZUkk+QBegEjtMHAfYzen1uVRv
                                                                MD5:8B02C7DA02910117FE42E84DFED0C248
                                                                SHA1:ABC33DD26E4584362FDE28706D1F2196509C6AC6
                                                                SHA-256:DE658ED0A267050929179583834D241B1109C1FB3250DB2CF2777A1C289E1CBE
                                                                SHA-512:1B95FBFAB60532573C2E2C3E90D020AC39B021CDDBFBD550C97BCF8CDF50CF0057B5C4BA1BF4C497CE57416E73F0B3A4771D3724A155C245A7D96A4F432141BA
                                                                Malicious:false
                                                                Preview:. ..... .......... ........... ........ .. ........ ........... ... ... .......: 398558
                                                                Process:C:\Windows\SysWOW64\7za.exe
                                                                File Type:RAR archive data, v5
                                                                Category:dropped
                                                                Size (bytes):71870
                                                                Entropy (8bit):7.997241758915592
                                                                Encrypted:true
                                                                SSDEEP:1536:nj/4k7reL3wFYuWr1t+hUY36N4LbMeO984Qa57L6DV/S1GGo:j/4ErttsYhU+iMOtxsVWGGo
                                                                MD5:EFC9C4752ADFF37FFE8539D93ADCB197
                                                                SHA1:D7A0BBA9E3D08221DDB8BA283B8BD90335479450
                                                                SHA-256:E25FB26939C1617EA43835973522030866D4FD857DFAF90CDC001321444C465C
                                                                SHA-512:6C4412BF25AED1D0649B24187E4C48861C793AB953E0BFD30472F122BAD9BCB11B9A48D9CACF25E07F25A381A8FC9DD5F9D8FCB2B2E8B57D399DD7912F763002
                                                                Malicious:false
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                Category:dropped
                                                                Size (bytes):246
                                                                Entropy (8bit):3.5162684137903053
                                                                Encrypted:false
                                                                SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8rOlAq0D:Qw946cPbiOxDlbYnuRKDlW
                                                                MD5:4309C6993DB42EFAE68AF032F3F32EC5
                                                                SHA1:EC384388893DD474B95BC38C19085793CE7DAAA0
                                                                SHA-256:60E311B858315B60D897812783826AD3C0A12B9ACAC81DECA50E333682910507
                                                                SHA-512:89CE2A5DF1C833A0CA71D7F09ACDC03466F2ABB052E1196B230C3886BCE539BFC44823A8C1FF9CF68E89F3129ADE25D80962493EC2205AF905B51900FBA00B95
                                                                Malicious:false
                                                                Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.3./.1.2./.2.0.2.4. . .0.9.:.0.9.:.0.4. .=.=.=.....
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:ASCII text, with very long lines (393)
                                                                Category:dropped
                                                                Size (bytes):16525
                                                                Entropy (8bit):5.338264912747007
                                                                Encrypted:false
                                                                SSDEEP:384:lH4ZASLaTgKoBKkrNdOZTfUY9/B6u6AJ8dbBNrSVNspYiz5LkiTjgjQLhDydAY8s:kIb
                                                                MD5:128A51060103D95314048C2F32A15C66
                                                                SHA1:EEB64761BE485729CD12BF4FBF7F2A68BA1AD7DB
                                                                SHA-256:601388D70DFB723E560FEA6AE08E5FEE8C1A980DF7DF9B6C10E1EC39705D4713
                                                                SHA-512:55099B6F65D6EF41BC0C077BF810A13BA338C503974B4A5F2AA8EB286E1FCF49DF96318B1DA691296FB71AA8F2A2EA1406C4E86F219B40FB837F2E0BF208E677
                                                                Malicious:false
                                                                Preview:SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:066+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:066+0200 ThreadID=6912 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="SetConfig:
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:ASCII text, with very long lines (393), with CRLF line terminators
                                                                Category:dropped
                                                                Size (bytes):15114
                                                                Entropy (8bit):5.3704760085315915
                                                                Encrypted:false
                                                                SSDEEP:384:feqb663MEa11u/M8qOA757uvXY3cixpQqpwc1Nd0Z/w1H9lRRuZ4XIX2jdz1U1VQ:CYa
                                                                MD5:C9FDCA777F65C2D7B0C4CC1F3BE6C40D
                                                                SHA1:4ECB290ED3076250D610E0AFB48DA92D95A78F9E
                                                                SHA-256:3176A28BEE3925B876BE5A646D2029572A9BC0CB57C3C9426E4EABBF7B493558
                                                                SHA-512:B903767CED84DD7286F27E6EB87C4DDFC1EC27D045C40B4EFE06565A6ED407926C45DC39631645CE85C5DD300073BF406103C16B2E73AA8443937459DBC28F59
                                                                Malicious:false
                                                                Preview:SessionID=b5d7a6c6-542f-48cf-9ac4-e72085d6c12c.1734962939235 Timestamp=2024-12-23T09:08:59:235-0500 ThreadID=2096 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=b5d7a6c6-542f-48cf-9ac4-e72085d6c12c.1734962939235 Timestamp=2024-12-23T09:08:59:236-0500 ThreadID=2096 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=b5d7a6c6-542f-48cf-9ac4-e72085d6c12c.1734962939235 Timestamp=2024-12-23T09:08:59:236-0500 ThreadID=2096 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=b5d7a6c6-542f-48cf-9ac4-e72085d6c12c.1734962939235 Timestamp=2024-12-23T09:08:59:236-0500 ThreadID=2096 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=b5d7a6c6-542f-48cf-9ac4-e72085d6c12c.1734962939235 Timestamp=2024-12-23T09:08:59:236-0500 ThreadID=2096 Component=ngl-lib_NglAppLib Description="SetConf
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                File Type:ASCII text, with CRLF line terminators
                                                                Category:dropped
                                                                Size (bytes):29752
                                                                Entropy (8bit):5.406083948606664
                                                                Encrypted:false
                                                                SSDEEP:192:acb4I3dcbPcbaIO4cbYcbqnIdjcb6acbaIewcbccbwIxTcbV:V3fOCIdJDeZxE
                                                                MD5:D64869530B59B6661CDAEE071729A269
                                                                SHA1:ABF58A926B08FD64A55B797DFD8D21445ADAD593
                                                                SHA-256:D7F5C156D0B466212E1D830A61C782AFAF26405AE43955AD34463235BE73AD41
                                                                SHA-512:54B569240FED14254B7E44B12967BA7F4586355A70407C30CE2915CB1473F3911D50126B80F55059CBA43A7CEB98B3E1B872BD67C6AE71E83CFF21E3B18616C8
                                                                Malicious:false
                                                                Preview:05-10-2023 08:20:22:.---2---..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 08:20:22:.Closing File..05-10-
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                                                Category:dropped
                                                                Size (bytes):758601
                                                                Entropy (8bit):7.98639316555857
                                                                Encrypted:false
                                                                SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                                                                MD5:3A49135134665364308390AC398006F1
                                                                SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                                                SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                                                SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                                                Malicious:false
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                                                                Category:dropped
                                                                Size (bytes):1419751
                                                                Entropy (8bit):7.976496077007677
                                                                Encrypted:false
                                                                SSDEEP:24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
                                                                MD5:18E3D04537AF72FDBEB3760B2D10C80E
                                                                SHA1:B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
                                                                SHA-256:BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
                                                                SHA-512:2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
                                                                Malicious:false
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                                                Category:dropped
                                                                Size (bytes):386528
                                                                Entropy (8bit):7.9736851559892425
                                                                Encrypted:false
                                                                SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                                                                MD5:5C48B0AD2FEF800949466AE872E1F1E2
                                                                SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                                                                SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                                                                SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                                                                Malicious:false
                                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                                                                Category:dropped
                                                                Size (bytes):1407294
                                                                Entropy (8bit):7.97605879016224
                                                                Encrypted:false
                                                                SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
                                                                MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
                                                                SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
                                                                SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
                                                                SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
                                                                Malicious:false
                                                                Process:C:\Windows\SysWOW64\unarchiver.exe
                                                                File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                Category:modified
                                                                Size (bytes):5233
                                                                Entropy (8bit):5.4352916253488734
                                                                Encrypted:false
                                                                SSDEEP:48:4reIG9Gb9G9GpTGaG9Gp0GbPG5GlGtG9GY/G9GzGlsG1GKSewkjSG7Gb7G7GpBGw:qQxS2BteKKXH9teahOcf
                                                                MD5:C25DB0AB546B91A84196C9B32B0D6523
                                                                SHA1:38AA6A32447124D5399465A8031E17C68ABC0F01
                                                                SHA-256:7D58CC41933362D002CA3D8C5BB1DD33C87BDEEBD7378BE0D17326111F0C5458
                                                                SHA-512:9388B3399E0B51441090AA022D3FB8160C565023B1C57C2215ABA770E15818C5831B9D4275FFD83313137EE53232ED2D946670C0D7AD1B80B67B164EC97EFE89
                                                                Malicious:false
                                                                Preview:12/23/2024 9:09 AM: Unpack: C:\Users\user\Downloads\..........._........._.........zip..12/23/2024 9:09 AM: Tmp dir: C:\Users\user\AppData\Local\Temp\5xa4rbm5.xja..12/23/2024 9:09 AM: Received from standard out: ..12/23/2024 9:09 AM: Received from standard out: 7-Zip 18.05 (x86) : Copyright (c) 1999-2018 Igor Pavlov : 2018-04-30..12/23/2024 9:09 AM: Received from standard out: ..12/23/2024 9:09 AM: Received from standard out: Scanning the drive for archives:..12/23/2024 9:09 AM: Received from standard out: 1 file, 72888 bytes (72 KiB)..12/23/2024 9:09 AM: Received from standard out: ..12/23/2024 9:09 AM: Received from standard out: Extracting archive: C:\Users\user\Downloads\______________________________.zip..12/23/2024 9:09 AM: Received from standard out: --..12/23/2024 9:09 AM: Received from standard out: Path = C:\Users\user\Downloads\______________________________.zip..12/23/2024 9:09 AM: Received from standard out: Type = zip..12/23/202
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                Category:dropped
                                                                Size (bytes):72888
                                                                Entropy (8bit):7.99475845098864
                                                                Encrypted:true
                                                                SSDEEP:1536:dj/4k7reL3wFYuWr1t+hUY36N4LbMeO984Qa57L6DV/S1GGF:J/4ErttsYhU+iMOtxsVWGGF
                                                                MD5:A7D1FDF448B0C018B4659596AB31F1B4
                                                                SHA1:1F41416F54A6F4D77E1ADCFD50AF9B86F62FF5E6
                                                                SHA-256:3114A656C50B699926CCC4BA8257E2E1B468D9867E203791D046953B0EB50BB2
                                                                SHA-512:DB6B96D9BC482BEDEBF7E78D42F7746C347D85976F1C81D92B0F4C2401167785783546C2B614AB87F5C2B56FA5D61AF34D192C0F67E1929555A5B13BB9827063
                                                                Malicious:true
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                Category:dropped
                                                                Size (bytes):72888
                                                                Entropy (8bit):7.99475845098864
                                                                Encrypted:true
                                                                SSDEEP:1536:dj/4k7reL3wFYuWr1t+hUY36N4LbMeO984Qa57L6DV/S1GGF:J/4ErttsYhU+iMOtxsVWGGF
                                                                MD5:A7D1FDF448B0C018B4659596AB31F1B4
                                                                SHA1:1F41416F54A6F4D77E1ADCFD50AF9B86F62FF5E6
                                                                SHA-256:3114A656C50B699926CCC4BA8257E2E1B468D9867E203791D046953B0EB50BB2
                                                                SHA-512:DB6B96D9BC482BEDEBF7E78D42F7746C347D85976F1C81D92B0F4C2401167785783546C2B614AB87F5C2B56FA5D61AF34D192C0F67E1929555A5B13BB9827063
                                                                Malicious:false
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                Category:downloaded
                                                                Size (bytes):72888
                                                                Entropy (8bit):7.99475845098864
                                                                Encrypted:true
                                                                SSDEEP:1536:dj/4k7reL3wFYuWr1t+hUY36N4LbMeO984Qa57L6DV/S1GGF:J/4ErttsYhU+iMOtxsVWGGF
                                                                MD5:A7D1FDF448B0C018B4659596AB31F1B4
                                                                SHA1:1F41416F54A6F4D77E1ADCFD50AF9B86F62FF5E6
                                                                SHA-256:3114A656C50B699926CCC4BA8257E2E1B468D9867E203791D046953B0EB50BB2
                                                                SHA-512:DB6B96D9BC482BEDEBF7E78D42F7746C347D85976F1C81D92B0F4C2401167785783546C2B614AB87F5C2B56FA5D61AF34D192C0F67E1929555A5B13BB9827063
                                                                Malicious:false
                                                                URL:https://bbuseruploads.s3.amazonaws.com/ff9a4495-017e-4384-93b3-e2935568b751/downloads/8b125713-9bba-415c-9efb-667961c70fc5/%D0%95%D0%BB%D0%B5%D0%BA%D1%82%D1%80%D0%BE%D0%BD%D0%BD%D0%B8%D0%B9_%D0%BF%D0%BB%D0%B0%D1%82%D1%96%D0%B6%D0%BD%D0%B8%D0%B9_%D0%B4%D0%BE%D0%BA%D1%83%D0%BC%D0%B5%D0%BD%D1%82.zip?response-content-disposition=attachment%3B%20filename%3D%22%25D0%2595%25D0%25BB%25D0%25B5%25D0%25BA%25D1%2582%25D1%2580%25D0%25BE%25D0%25BD%25D0%25BD%25D0%25B8%25D0%25B9_%25D0%25BF%25D0%25BB%25D0%25B0%25D1%2582%25D1%2596%25D0%25B6%25D0%25BD%25D0%25B8%25D0%25B9_%25D0%25B4%25D0%25BE%25D0%25BA%25D1%2583%25D0%25BC%25D0%25B5%25D0%25BD%25D1%2582.zip%22&AWSAccessKeyId=ASIA6KOSE3BNMAKPA4TP&Signature=B7Nleos7sWvhCwqMlzaswjwFDkU%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEA4aCXVzLWVhc3QtMSJHMEUCIQD0F3OG5MFPp%2FRz3%2BBM673xXTvAt7LQQicY8TgFNgqSmgIgCiu3EYOa4naJXBAA22stgtP7IELvFo37Ku6ks7ZvHycqsAII1%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDJpD9StVnxfN%2BRjYNyqEAv6XeJTkzaQnhwypwOBaylObo41xoVvm3UEwX2Onit61mJ%2FX8htz6800tBoyVBWFPu8QnNXsGzXUTKxPGrseT4r%2BSXQ6wMyCLpcDGVHv4jyinlxCMMAkCK7qcuj%2B13DDvgO3HNeLP9zLs41Xj6TvFqfEH6YuYYbENHGK%2BHMVm4b2%2BshMou%2BxpSJDXTxWgGLk3vCrHLb%2FDBdQ6XbNcx31NtcvpehN%2BMSq%2FH81G4Gpy%2F5F7fGWrWwWqRfjCC2v0DJzLbJRc%2Bzo3WU38elxAGO88p3701l9UoeBTaQefv71WTvu1R8wNsuNaPj3z1R7v1hQXNtwb9kf%2BhHKCmDv6WXKm2IMeB1uMNPYpbsGOp0BJG2M5hXaMdyhV7HA%2FvaAMSrXGkIpAD00GBKxxMkfzF8xgCE7VlKaMRKSmAi0BJJzkkSD7z%2BYVyq63ygC89yuqx5Yj2SpF2J3wv99i1l%2FeCI%2FMfwHefXo1A3ebKj4Xu7yx8gJNaKR5Q5YAd0WQskZLBMjysZZV%2FaY9xZXXTtQ%2BuNK9YR9DColkatdX9ra%2FFFdAaajjeIwdKVti0nE0Q%3D%3D&Expires=1734964059
                                                                File type:PDF document, version 1.7, 1 pages
                                                                Entropy (8bit):7.958504187286946
                                                                TrID:
                                                                • Adobe Portable Document Format (5005/1) 100.00%
                                                                File name:payment_3493.pdf
                                                                File size:176'101 bytes
                                                                MD5:3b8a483aac60a462b9a6d146a2186f5b
                                                                SHA1:1fc50e7cd899fadf7f4e71c9e6ef9f728aa3433a
                                                                SHA256:862166bb3039365a6240fb9a7d6057a19b0d71c86890ea967ac0b6683e635189
                                                                SHA512:7ea217a83207202e972cf63446305e6ac877139b8ce2dc7b1d77cabeb45eaf4936ba9675debcbcc8fd1a3e552c35af741b5df30e6e115c772271022b9c170b3f
                                                                SSDEEP:3072:j95Uri5vntF5bSZbjDD4+xQR75V98jrkyP1QNlkHca6RQfkIPBCu+ThaIkkvi:j95UrEvntbo3E+g75ff3+ARQfBCfTh5i
                                                                TLSH:6F0402044F2C3CC7C298A2923B4E392A69CFF192E2DD81D531FCD3971785E2AB176646
                                                                File Content Preview:%PDF-1.7..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(ru) /StructTreeRoot 33 0 R/MarkInfo<</Marked true>>/Metadata 104 0 R/ViewerPreferences 105 0 R>>..endobj..2 0 obj..<</Type/Pages/Count 1/Kids[ 3 0 R] >>..endobj..3 0 obj..<</Type/Page/Parent 2 0 R
                                                                Icon Hash:62cc8caeb29e8ae0

                                                                General

                                                                Header:%PDF-1.7
                                                                Total Entropy:7.958504
                                                                Total Bytes:176101
                                                                Stream Entropy:7.982768
                                                                Stream Bytes:166541
                                                                Entropy outside Streams:5.245117
                                                                Bytes outside Streams:9560
                                                                Number of EOF found:2
                                                                Bytes after EOF:
                                                                Name:Count
                                                                obj:47
                                                                endobj:47
                                                                stream:15
                                                                endstream:15
                                                                xref:2
                                                                trailer:2
                                                                startxref:2
                                                                /Page:1
                                                                /Encrypt:0
                                                                /ObjStm:1
                                                                /URI:2
                                                                /JS:0
                                                                /JavaScript:0
                                                                /AA:0
                                                                /OpenAction:0
                                                                /AcroForm:0
                                                                /JBIG2Decode:0
                                                                /RichMedia:0
                                                                /Launch:0
                                                                /EmbeddedFile:0

                                                                Image Streams

                                                                ID    DHASH    MD5    Preview
                                                                Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                Dec 23, 2024 15:08:57.407331944 CET4434971220.198.119.84192.168.2.6
                                                                Dec 23, 2024 15:08:57.904355049 CET4434971220.198.119.84192.168.2.6
                                                                Dec 23, 2024 15:08:57.904597044 CET4434971220.198.119.84192.168.2.6
                                                                Dec 23, 2024 15:08:57.904676914 CET49712443192.168.2.620.198.119.84
                                                                Dec 23, 2024 15:08:57.904881001 CET49712443192.168.2.620.198.119.84
                                                                Dec 23, 2024 15:08:57.904900074 CET4434971220.198.119.84192.168.2.6
                                                                Dec 23, 2024 15:08:57.904910088 CET49712443192.168.2.620.198.119.84
                                                                Dec 23, 2024 15:09:02.250730038 CET49674443192.168.2.6173.222.162.64
                                                                Dec 23, 2024 15:09:02.269892931 CET49673443192.168.2.6173.222.162.64
                                                                Dec 23, 2024 15:09:02.504278898 CET49672443192.168.2.6173.222.162.64
                                                                Dec 23, 2024 15:09:04.968601942 CET44349704173.222.162.64192.168.2.6
                                                                Dec 23, 2024 15:09:04.968677998 CET49704443192.168.2.6173.222.162.64
                                                                Dec 23, 2024 15:09:20.380001068 CET49777443192.168.2.620.198.118.190
                                                                Dec 23, 2024 15:09:20.380058050 CET4434977720.198.118.190192.168.2.6
                                                                Dec 23, 2024 15:09:20.380137920 CET49777443192.168.2.620.198.118.190
                                                                Dec 23, 2024 15:09:20.380796909 CET49777443192.168.2.620.198.118.190
                                                                Dec 23, 2024 15:09:20.380816936 CET4434977720.198.118.190192.168.2.6
                                                                Dec 23, 2024 15:09:22.586859941 CET4434977720.198.118.190192.168.2.6
                                                                Dec 23, 2024 15:09:22.586961985 CET49777443192.168.2.620.198.118.190
                                                                Dec 23, 2024 15:09:22.599613905 CET49777443192.168.2.620.198.118.190
                                                                Dec 23, 2024 15:09:22.599639893 CET4434977720.198.118.190192.168.2.6
                                                                Dec 23, 2024 15:09:22.599860907 CET4434977720.198.118.190192.168.2.6
                                                                Dec 23, 2024 15:09:22.601893902 CET49777443192.168.2.620.198.118.190
                                                                Dec 23, 2024 15:09:22.601972103 CET49777443192.168.2.620.198.118.190
                                                                Dec 23, 2024 15:09:22.601975918 CET4434977720.198.118.190192.168.2.6
                                                                Dec 23, 2024 15:09:22.602135897 CET49777443192.168.2.620.198.118.190
                                                                Dec 23, 2024 15:09:22.647339106 CET4434977720.198.118.190192.168.2.6
                                                                Dec 23, 2024 15:09:23.262489080 CET4434977720.198.118.190192.168.2.6
                                                                Dec 23, 2024 15:09:23.262576103 CET4434977720.198.118.190192.168.2.6
                                                                Dec 23, 2024 15:09:23.262656927 CET49777443192.168.2.620.198.118.190
                                                                Dec 23, 2024 15:09:23.263839006 CET49777443192.168.2.620.198.118.190
                                                                Dec 23, 2024 15:09:23.263871908 CET4434977720.198.118.190192.168.2.6
                                                                Dec 23, 2024 15:09:24.805195093 CET49788443192.168.2.6185.166.143.48
                                                                Dec 23, 2024 15:09:24.805280924 CET44349788185.166.143.48192.168.2.6
                                                                Dec 23, 2024 15:09:24.805365086 CET49788443192.168.2.6185.166.143.48
                                                                Dec 23, 2024 15:09:24.806006908 CET49788443192.168.2.6185.166.143.48
                                                                Dec 23, 2024 15:09:24.806040049 CET44349788185.166.143.48192.168.2.6
                                                                Dec 23, 2024 15:09:26.394912958 CET44349788185.166.143.48192.168.2.6
                                                                Dec 23, 2024 15:09:26.406114101 CET49788443192.168.2.6185.166.143.48
                                                                Dec 23, 2024 15:09:26.406208038 CET44349788185.166.143.48192.168.2.6
                                                                Dec 23, 2024 15:09:26.407402992 CET44349788185.166.143.48192.168.2.6
                                                                Dec 23, 2024 15:09:26.407488108 CET49788443192.168.2.6185.166.143.48
                                                                Dec 23, 2024 15:09:26.413125038 CET49788443192.168.2.6185.166.143.48
                                                                Dec 23, 2024 15:09:26.413331985 CET44349788185.166.143.48192.168.2.6
                                                                Dec 23, 2024 15:09:26.413522959 CET49788443192.168.2.6185.166.143.48
                                                                Dec 23, 2024 15:09:26.413537979 CET44349788185.166.143.48192.168.2.6
                                                                Dec 23, 2024 15:09:26.459306002 CET49788443192.168.2.6185.166.143.48
                                                                Dec 23, 2024 15:09:27.095598936 CET44349788185.166.143.48192.168.2.6
                                                                Dec 23, 2024 15:09:27.095629930 CET44349788185.166.143.48192.168.2.6
                                                                Dec 23, 2024 15:09:27.095690966 CET49788443192.168.2.6185.166.143.48
                                                                Dec 23, 2024 15:09:27.095707893 CET44349788185.166.143.48192.168.2.6
                                                                Dec 23, 2024 15:09:27.095748901 CET49788443192.168.2.6185.166.143.48
                                                                Dec 23, 2024 15:09:27.095768929 CET49788443192.168.2.6185.166.143.48
                                                                Dec 23, 2024 15:09:27.099797964 CET49788443192.168.2.6185.166.143.48
                                                                Dec 23, 2024 15:09:27.099833012 CET44349788185.166.143.48192.168.2.6
                                                                Dec 23, 2024 15:09:27.497601986 CET49801443192.168.2.63.5.29.153
                                                                Dec 23, 2024 15:09:27.497639894 CET443498013.5.29.153192.168.2.6
                                                                Dec 23, 2024 15:09:27.497715950 CET49801443192.168.2.63.5.29.153
                                                                Dec 23, 2024 15:09:27.498169899 CET49801443192.168.2.63.5.29.153
                                                                Dec 23, 2024 15:09:27.498191118 CET443498013.5.29.153192.168.2.6
                                                                Dec 23, 2024 15:09:28.058783054 CET49805443192.168.2.6142.250.181.68
                                                                Dec 23, 2024 15:09:28.058825016 CET44349805142.250.181.68192.168.2.6
                                                                Dec 23, 2024 15:09:28.058887005 CET49805443192.168.2.6142.250.181.68
                                                                Dec 23, 2024 15:09:28.059159040 CET49805443192.168.2.6142.250.181.68
                                                                Dec 23, 2024 15:09:28.059171915 CET44349805142.250.181.68192.168.2.6
                                                                Dec 23, 2024 15:09:28.911557913 CET443498013.5.29.153192.168.2.6
                                                                Dec 23, 2024 15:09:28.911890984 CET49801443192.168.2.63.5.29.153
                                                                Dec 23, 2024 15:09:28.911925077 CET443498013.5.29.153192.168.2.6
                                                                Dec 23, 2024 15:09:28.912992954 CET443498013.5.29.153192.168.2.6
                                                                Dec 23, 2024 15:09:28.913070917 CET49801443192.168.2.63.5.29.153
                                                                Dec 23, 2024 15:09:28.916189909 CET49801443192.168.2.63.5.29.153
                                                                Dec 23, 2024 15:09:28.916305065 CET443498013.5.29.153192.168.2.6
                                                                Dec 23, 2024 15:09:28.916563988 CET49801443192.168.2.63.5.29.153
                                                                Dec 23, 2024 15:09:28.916583061 CET443498013.5.29.153192.168.2.6
                                                                Dec 23, 2024 15:09:29.061300993 CET49801443192.168.2.63.5.29.153
                                                                Dec 23, 2024 15:09:29.408417940 CET443498013.5.29.153192.168.2.6
                                                                Dec 23, 2024 15:09:29.454354048 CET443498013.5.29.153192.168.2.6
                                                                Dec 23, 2024 15:09:29.454381943 CET443498013.5.29.153192.168.2.6
                                                                Dec 23, 2024 15:09:29.454412937 CET443498013.5.29.153192.168.2.6
                                                                Dec 23, 2024 15:09:29.454438925 CET443498013.5.29.153192.168.2.6
                                                                Dec 23, 2024 15:09:29.454442978 CET49801443192.168.2.63.5.29.153
                                                                Dec 23, 2024 15:09:29.454479933 CET443498013.5.29.153192.168.2.6
                                                                Dec 23, 2024 15:09:29.454510927 CET443498013.5.29.153192.168.2.6
                                                                Dec 23, 2024 15:09:29.454515934 CET49801443192.168.2.63.5.29.153
                                                                Dec 23, 2024 15:09:29.454541922 CET443498013.5.29.153192.168.2.6
                                                                Dec 23, 2024 15:09:29.454562902 CET49801443192.168.2.63.5.29.153
                                                                Dec 23, 2024 15:09:29.454562902 CET49801443192.168.2.63.5.29.153
                                                                Dec 23, 2024 15:09:29.562866926 CET49801443192.168.2.63.5.29.153
                                                                Dec 23, 2024 15:09:29.562899113 CET443498013.5.29.153192.168.2.6
                                                                Dec 23, 2024 15:09:29.634284973 CET443498013.5.29.153192.168.2.6
                                                                Dec 23, 2024 15:09:29.634300947 CET443498013.5.29.153192.168.2.6
                                                                Dec 23, 2024 15:09:29.634330988 CET443498013.5.29.153192.168.2.6
                                                                Dec 23, 2024 15:09:29.634351969 CET443498013.5.29.153192.168.2.6
                                                                Dec 23, 2024 15:09:29.634361029 CET443498013.5.29.153192.168.2.6
                                                                Dec 23, 2024 15:09:29.634370089 CET49801443192.168.2.63.5.29.153
                                                                Dec 23, 2024 15:09:29.634383917 CET443498013.5.29.153192.168.2.6
                                                                Dec 23, 2024 15:09:29.634427071 CET443498013.5.29.153192.168.2.6
                                                                Dec 23, 2024 15:09:29.634464979 CET49801443192.168.2.63.5.29.153
                                                                Dec 23, 2024 15:09:29.634465933 CET49801443192.168.2.63.5.29.153
                                                                Dec 23, 2024 15:09:29.634465933 CET49801443192.168.2.63.5.29.153
                                                                Dec 23, 2024 15:09:29.687730074 CET443498013.5.29.153192.168.2.6
                                                                Dec 23, 2024 15:09:29.687767982 CET443498013.5.29.153192.168.2.6
                                                                Dec 23, 2024 15:09:29.687789917 CET443498013.5.29.153192.168.2.6
                                                                Dec 23, 2024 15:09:29.687808990 CET49801443192.168.2.63.5.29.153
                                                                Dec 23, 2024 15:09:29.687823057 CET443498013.5.29.153192.168.2.6
                                                                Dec 23, 2024 15:09:29.687841892 CET443498013.5.29.153192.168.2.6
                                                                Dec 23, 2024 15:09:29.687855959 CET49801443192.168.2.63.5.29.153
                                                                Dec 23, 2024 15:09:29.687864065 CET443498013.5.29.153192.168.2.6
                                                                Dec 23, 2024 15:09:29.687884092 CET49801443192.168.2.63.5.29.153
                                                                Dec 23, 2024 15:09:29.687886000 CET443498013.5.29.153192.168.2.6
                                                                Dec 23, 2024 15:09:29.687896967 CET49801443192.168.2.63.5.29.153
                                                                Dec 23, 2024 15:09:29.687917948 CET443498013.5.29.153192.168.2.6
                                                                Dec 23, 2024 15:09:29.687937021 CET49801443192.168.2.63.5.29.153
                                                                Dec 23, 2024 15:09:29.688036919 CET49801443192.168.2.63.5.29.153
                                                                Dec 23, 2024 15:09:29.695139885 CET443498013.5.29.153192.168.2.6
                                                                Dec 23, 2024 15:09:29.750365019 CET49801443192.168.2.63.5.29.153
                                                                Dec 23, 2024 15:09:29.756572008 CET44349805142.250.181.68192.168.2.6
                                                                Dec 23, 2024 15:09:29.756834984 CET49805443192.168.2.6142.250.181.68
                                                                Dec 23, 2024 15:09:29.756860971 CET44349805142.250.181.68192.168.2.6
                                                                Dec 23, 2024 15:09:29.757915974 CET44349805142.250.181.68192.168.2.6
                                                                Dec 23, 2024 15:09:29.757977009 CET49805443192.168.2.6142.250.181.68
                                                                Dec 23, 2024 15:09:29.759121895 CET49805443192.168.2.6142.250.181.68
                                                                Dec 23, 2024 15:09:29.759190083 CET44349805142.250.181.68192.168.2.6
                                                                Dec 23, 2024 15:09:29.795011044 CET443498013.5.29.153192.168.2.6
                                                                Dec 23, 2024 15:09:29.795043945 CET443498013.5.29.153192.168.2.6
                                                                Dec 23, 2024 15:09:29.795062065 CET443498013.5.29.153192.168.2.6
                                                                Dec 23, 2024 15:09:29.795088053 CET49801443192.168.2.63.5.29.153
                                                                Dec 23, 2024 15:09:29.795105934 CET443498013.5.29.153192.168.2.6
                                                                Dec 23, 2024 15:09:29.795136929 CET49801443192.168.2.63.5.29.153
                                                                Dec 23, 2024 15:09:29.795147896 CET443498013.5.29.153192.168.2.6
                                                                Dec 23, 2024 15:09:29.795191050 CET49801443192.168.2.63.5.29.153
                                                                Dec 23, 2024 15:09:29.827270031 CET443498013.5.29.153192.168.2.6
                                                                Dec 23, 2024 15:09:29.827292919 CET443498013.5.29.153192.168.2.6
                                                                Dec 23, 2024 15:09:29.827358007 CET443498013.5.29.153192.168.2.6
                                                                Dec 23, 2024 15:09:29.827362061 CET49801443192.168.2.63.5.29.153
                                                                Dec 23, 2024 15:09:29.827389002 CET443498013.5.29.153192.168.2.6
                                                                Dec 23, 2024 15:09:29.827478886 CET49801443192.168.2.63.5.29.153
                                                                Dec 23, 2024 15:09:29.827490091 CET443498013.5.29.153192.168.2.6
                                                                Dec 23, 2024 15:09:29.827538967 CET443498013.5.29.153192.168.2.6
                                                                Dec 23, 2024 15:09:29.827605009 CET49801443192.168.2.63.5.29.153
                                                                Dec 23, 2024 15:09:29.829957962 CET49801443192.168.2.63.5.29.153
                                                                Dec 23, 2024 15:09:29.829977036 CET443498013.5.29.153192.168.2.6
                                                                Dec 23, 2024 15:09:29.851011038 CET49805443192.168.2.6142.250.181.68
                                                                Dec 23, 2024 15:09:29.851023912 CET44349805142.250.181.68192.168.2.6
                                                                Dec 23, 2024 15:09:29.891350985 CET49805443192.168.2.6142.250.181.68
                                                                Dec 23, 2024 15:09:39.462222099 CET44349805142.250.181.68192.168.2.6
                                                                Dec 23, 2024 15:09:39.462279081 CET44349805142.250.181.68192.168.2.6
                                                                Dec 23, 2024 15:09:39.462546110 CET49805443192.168.2.6142.250.181.68
                                                                Dec 23, 2024 15:09:39.775191069 CET49805443192.168.2.6142.250.181.68
                                                                Dec 23, 2024 15:09:39.775209904 CET44349805142.250.181.68192.168.2.6
                                                                Dec 23, 2024 15:09:51.508141994 CET49916443192.168.2.620.198.118.190
                                                                Dec 23, 2024 15:09:51.508191109 CET4434991620.198.118.190192.168.2.6
                                                                Dec 23, 2024 15:09:51.508282900 CET49916443192.168.2.620.198.118.190
                                                                Dec 23, 2024 15:09:51.508827925 CET49916443192.168.2.620.198.118.190
                                                                Dec 23, 2024 15:09:51.508841991 CET4434991620.198.118.190192.168.2.6
                                                                Dec 23, 2024 15:09:53.721137047 CET4434991620.198.118.190192.168.2.6
                                                                Dec 23, 2024 15:09:53.721210003 CET49916443192.168.2.620.198.118.190
                                                                Dec 23, 2024 15:09:53.723290920 CET49916443192.168.2.620.198.118.190
                                                                Dec 23, 2024 15:09:53.723310947 CET4434991620.198.118.190192.168.2.6
                                                                Dec 23, 2024 15:09:53.723644018 CET4434991620.198.118.190192.168.2.6
                                                                Dec 23, 2024 15:09:53.725538969 CET49916443192.168.2.620.198.118.190
                                                                Dec 23, 2024 15:09:53.725599051 CET49916443192.168.2.620.198.118.190
                                                                Dec 23, 2024 15:09:53.725608110 CET4434991620.198.118.190192.168.2.6
                                                                Dec 23, 2024 15:09:53.725734949 CET49916443192.168.2.620.198.118.190
                                                                Dec 23, 2024 15:09:53.771327972 CET4434991620.198.118.190192.168.2.6
                                                                Dec 23, 2024 15:09:54.267864943 CET4434991620.198.118.190192.168.2.6
                                                                Dec 23, 2024 15:09:54.267963886 CET4434991620.198.118.190192.168.2.6
                                                                Dec 23, 2024 15:09:54.268371105 CET49916443192.168.2.620.198.118.190
                                                                Dec 23, 2024 15:09:54.268486023 CET49916443192.168.2.620.198.118.190
                                                                Dec 23, 2024 15:09:54.268502951 CET4434991620.198.118.190192.168.2.6
                                                                Dec 23, 2024 15:09:54.268513918 CET49916443192.168.2.620.198.118.190
                                                                Dec 23, 2024 15:10:24.728059053 CET50001443192.168.2.620.198.118.190
                                                                Dec 23, 2024 15:10:24.728107929 CET4435000120.198.118.190192.168.2.6
                                                                Dec 23, 2024 15:10:24.728187084 CET50001443192.168.2.620.198.118.190
                                                                Dec 23, 2024 15:10:24.728924036 CET50001443192.168.2.620.198.118.190
                                                                Dec 23, 2024 15:10:24.728941917 CET4435000120.198.118.190192.168.2.6
                                                                Dec 23, 2024 15:10:26.961215019 CET4435000120.198.118.190192.168.2.6
                                                                Dec 23, 2024 15:10:26.961302996 CET50001443192.168.2.620.198.118.190
                                                                Dec 23, 2024 15:10:26.965759993 CET50001443192.168.2.620.198.118.190
                                                                Dec 23, 2024 15:10:26.965776920 CET4435000120.198.118.190192.168.2.6
                                                                Dec 23, 2024 15:10:26.966557980 CET4435000120.198.118.190192.168.2.6
                                                                Dec 23, 2024 15:10:26.971230030 CET50001443192.168.2.620.198.118.190
                                                                Dec 23, 2024 15:10:26.971349955 CET50001443192.168.2.620.198.118.190
                                                                Dec 23, 2024 15:10:26.971507072 CET4435000120.198.118.190192.168.2.6
                                                                Dec 23, 2024 15:10:26.971524000 CET50001443192.168.2.620.198.118.190
                                                                Dec 23, 2024 15:10:27.015374899 CET4435000120.198.118.190192.168.2.6
                                                                Dec 23, 2024 15:10:27.516504049 CET4435000120.198.118.190192.168.2.6
                                                                Dec 23, 2024 15:10:27.516693115 CET4435000120.198.118.190192.168.2.6
                                                                Dec 23, 2024 15:10:27.516868114 CET50001443192.168.2.620.198.118.190
                                                                Dec 23, 2024 15:10:27.516943932 CET50001443192.168.2.620.198.118.190
                                                                Dec 23, 2024 15:10:27.516995907 CET4435000120.198.118.190192.168.2.6
                                                                Dec 23, 2024 15:10:27.986474991 CET50011443192.168.2.6142.250.181.68
                                                                Dec 23, 2024 15:10:27.986548901 CET44350011142.250.181.68192.168.2.6
                                                                Dec 23, 2024 15:10:27.986685991 CET50011443192.168.2.6142.250.181.68
                                                                Dec 23, 2024 15:10:27.987786055 CET50011443192.168.2.6142.250.181.68
                                                                Dec 23, 2024 15:10:27.987817049 CET44350011142.250.181.68192.168.2.6
                                                                Dec 23, 2024 15:10:29.677397966 CET44350011142.250.181.68192.168.2.6
                                                                Dec 23, 2024 15:10:29.677772999 CET50011443192.168.2.6142.250.181.68
                                                                Dec 23, 2024 15:10:29.677864075 CET44350011142.250.181.68192.168.2.6
                                                                Dec 23, 2024 15:10:29.678293943 CET44350011142.250.181.68192.168.2.6
                                                                Dec 23, 2024 15:10:29.678703070 CET50011443192.168.2.6142.250.181.68
                                                                Dec 23, 2024 15:10:29.678797007 CET44350011142.250.181.68192.168.2.6
                                                                Dec 23, 2024 15:10:29.719384909 CET50011443192.168.2.6142.250.181.68
                                                                Dec 23, 2024 15:10:30.484705925 CET4970380192.168.2.6199.232.214.172
                                                                Dec 23, 2024 15:10:30.484858036 CET49702443192.168.2.620.190.147.2
                                                                Dec 23, 2024 15:10:30.605237007 CET8049703199.232.214.172192.168.2.6
                                                                Dec 23, 2024 15:10:30.605293989 CET4970380192.168.2.6199.232.214.172
                                                                Dec 23, 2024 15:10:30.605297089 CET4434970220.190.147.2192.168.2.6
                                                                Dec 23, 2024 15:10:30.605355024 CET49702443192.168.2.620.190.147.2
                                                                Dec 23, 2024 15:10:36.108962059 CET49706443192.168.2.620.190.147.2
                                                                Dec 23, 2024 15:10:36.109020948 CET49708443192.168.2.620.190.147.2
                                                                Dec 23, 2024 15:10:36.229244947 CET4434970620.190.147.2192.168.2.6
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Dec 23, 2024 15:09:24.871481895 CET | 192.168.2.6 | 1.1.1.1 | c239 | (Port unreachable) | Destination Unreachable
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 23, 2024 15:09:11.207539082 CET | 192.168.2.6 | 1.1.1.1 | 0xcc28 | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:09:24.573920012 CET | 192.168.2.6 | 1.1.1.1 | 0x21c3 | Standard query (0) | bitbucket.org | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:09:24.574134111 CET | 192.168.2.6 | 1.1.1.1 | 0x9e69 | Standard query (0) | bitbucket.org | 65 | IN (0x0001) | false
Dec 23, 2024 15:09:27.110199928 CET | 192.168.2.6 | 1.1.1.1 | 0x364f | Standard query (0) | bbuseruploads.s3.amazonaws.com | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:09:27.110378027 CET | 192.168.2.6 | 1.1.1.1 | 0xaebe | Standard query (0) | bbuseruploads.s3.amazonaws.com | 65 | IN (0x0001) | false
Dec 23, 2024 15:09:27.920342922 CET | 192.168.2.6 | 1.1.1.1 | 0xc17e | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:09:27.920602083 CET | 192.168.2.6 | 1.1.1.1 | 0xb4c3 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 23, 2024 15:09:11.432585955 CET | 1.1.1.1 | 192.168.2.6 | 0xcc28 | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 15:09:24.710558891 CET | 1.1.1.1 | 192.168.2.6 | 0x21c3 | No error (0) | bitbucket.org | | 185.166.143.48 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:09:24.710558891 CET | 1.1.1.1 | 192.168.2.6 | 0x21c3 | No error (0) | bitbucket.org | | 185.166.143.50 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:09:24.710558891 CET | 1.1.1.1 | 192.168.2.6 | 0x21c3 | No error (0) | bitbucket.org | | 185.166.143.49 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:09:27.468934059 CET | 1.1.1.1 | 192.168.2.6 | 0xaebe | No error (0) | bbuseruploads.s3.amazonaws.com | s3-1-w.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 15:09:27.468934059 CET | 1.1.1.1 | 192.168.2.6 | 0xaebe | No error (0) | s3-1-w.amazonaws.com | s3-w.us-east-1.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 15:09:27.496752024 CET | 1.1.1.1 | 192.168.2.6 | 0x364f | No error (0) | bbuseruploads.s3.amazonaws.com | s3-1-w.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 15:09:27.496752024 CET | 1.1.1.1 | 192.168.2.6 | 0x364f | No error (0) | s3-1-w.amazonaws.com | s3-w.us-east-1.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 15:09:27.496752024 CET | 1.1.1.1 | 192.168.2.6 | 0x364f | No error (0) | s3-w.us-east-1.amazonaws.com | | 3.5.29.153 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:09:27.496752024 CET | 1.1.1.1 | 192.168.2.6 | 0x364f | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.217.197.129 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:09:27.496752024 CET | 1.1.1.1 | 192.168.2.6 | 0x364f | No error (0) | s3-w.us-east-1.amazonaws.com | | 3.5.25.157 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:09:27.496752024 CET | 1.1.1.1 | 192.168.2.6 | 0x364f | No error (0) | s3-w.us-east-1.amazonaws.com | | 3.5.25.52 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:09:27.496752024 CET | 1.1.1.1 | 192.168.2.6 | 0x364f | No error (0) | s3-w.us-east-1.amazonaws.com | | 16.182.105.65 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:09:27.496752024 CET | 1.1.1.1 | 192.168.2.6 | 0x364f | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.216.89.59 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:09:27.496752024 CET | 1.1.1.1 | 192.168.2.6 | 0x364f | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.217.112.1 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:09:27.496752024 CET | 1.1.1.1 | 192.168.2.6 | 0x364f | No error (0) | s3-w.us-east-1.amazonaws.com | | 3.5.25.54 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:09:28.057430029 CET | 1.1.1.1 | 192.168.2.6 | 0xc17e | No error (0) | www.google.com | | 142.250.181.68 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 15:09:28.057503939 CET | 1.1.1.1 | 192.168.2.6 | 0xb4c3 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
                                                                • bitbucket.org
                                                                • bbuseruploads.s3.amazonaws.com
                                                                • tse1.mm.bing.net
Session ID | Source IP | Source Port | Destination IP | Destination Port
0 | 192.168.2.6 | 49710 | 20.198.119.84 | 443
Timestamp | Bytes transferred | Direction | Data
2024-12-23 14:08:53 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: D02oKy+yXEWTc9Mj.1Context: c3cb25babc1dea8e
2024-12-23 14:08:53 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-23 14:08:53 UTC | 1076 | OUT | Data Ascii: ATH 2 CON\DEVICE 1053MS-CV: D02oKy+yXEWTc9Mj.2Context: c3cb25babc1dea8e<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAXzUEk3NfYh9D7JEZVblQpzbUhI51nLq1lyxsIeplPXorOyRIVHnuS+Qin2cjQ8GxlRfe/frS8nN53EkPVIgZTvLczCtK/tKxkNlEf93HaKC9K
2024-12-23 14:08:53 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197MS-CV: D02oKy+yXEWTc9Mj.3Context: c3cb25babc1dea8e<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-23 14:08:54 UTC | 14 | IN | Data Ascii: 202 1 CON 58
2024-12-23 14:08:54 UTC | 58 | IN | Data Ascii: MS-CV: y9L8ouviikaSzTSWAbKzWA.0Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port
1 | 192.168.2.6 | 49712 | 20.198.119.84 | 443
Timestamp | Bytes transferred | Direction | Data
2024-12-23 14:08:57 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: jt6I5niCVk2VQHJi.1Context: 6c447f981bdafb28
2024-12-23 14:08:57 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-23 14:08:57 UTC | 1084 | OUT | Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: jt6I5niCVk2VQHJi.2Context: 6c447f981bdafb28<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAUE3oQreAALzp0uffSc8Hvj2TI+szg8xBqKmUsrqgdzc+gmm3dGH0YK8d0IeJSrWGZE1fKQoUFn4sbpkrb4O/5BeZfFCTDQpg3rVz9VvWyfmfT
2024-12-23 14:08:57 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197MS-CV: jt6I5niCVk2VQHJi.3Context: 6c447f981bdafb28<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-23 14:08:57 UTC | 14 | IN | Data Ascii: 202 1 CON 58
2024-12-23 14:08:57 UTC | 58 | IN | Data Ascii: MS-CV: q8l6WYaNIkSvSd/dl4AKMg.0Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port
2 | 192.168.2.6 | 49777 | 20.198.118.190 | 443
Timestamp | Bytes transferred | Direction | Data
2024-12-23 14:09:22 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: stRGp/G87E28WqPA.1Context: e5e7bacd2f0baaee
2024-12-23 14:09:22 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-23 14:09:22 UTC | 1084 | OUT | Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: stRGp/G87E28WqPA.2Context: e5e7bacd2f0baaee<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAUE3oQreAALzp0uffSc8Hvj2TI+szg8xBqKmUsrqgdzc+gmm3dGH0YK8d0IeJSrWGZE1fKQoUFn4sbpkrb4O/5BeZfFCTDQpg3rVz9VvWyfmfT
2024-12-23 14:09:22 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197MS-CV: stRGp/G87E28WqPA.3Context: e5e7bacd2f0baaee<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-23 14:09:23 UTC | 14 | IN | Data Ascii: 202 1 CON 58
2024-12-23 14:09:23 UTC | 58 | IN | Data Ascii: MS-CV: 0p9sARfa1kir9GsoHZ4YaA.0Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.6 | 49788 | 185.166.143.48 | 443 | 7924 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 14:09:26 UTC | 853 | OUT | GET /vchasno/load/downloads/%D0%95%D0%BB%D0%B5%D0%BA%D1%82%D1%80%D0%BE%D0%BD%D0%BD%D0%B8%D0%B9_%D0%BF%D0%BB%D0%B0%D1%82%D1%96%D0%B6%D0%BD%D0%B8%D0%B9_%D0%B4%D0%BE%D0%BA%D1%83%D0%BC%D0%B5%D0%BD%D1%82.zip HTTP/1.1
                                                                Host: bitbucket.org
                                                                Connection: keep-alive
                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                sec-ch-ua-mobile: ?0
                                                                sec-ch-ua-platform: "Windows"
                                                                Upgrade-Insecure-Requests: 1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                Sec-Fetch-Site: none
                                                                Sec-Fetch-Mode: navigate
                                                                Sec-Fetch-User: ?1
                                                                Sec-Fetch-Dest: document
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.9
2024-12-23 14:09:27 UTC | 6357 | IN | HTTP/1.1 302 Found
                                                                Date: Mon, 23 Dec 2024 14:09:26 GMT
                                                                Content-Type: text/html; charset=utf-8
                                                                Content-Length: 0
                                                                Server: AtlassianEdge
                                                                Location: https://bbuseruploads.s3.amazonaws.com/ff9a4495-017e-4384-93b3-e2935568b751/downloads/8b125713-9bba-415c-9efb-667961c70fc5/%D0%95%D0%BB%D0%B5%D0%BA%D1%82%D1%80%D0%BE%D0%BD%D0%BD%D0%B8%D0%B9_%D0%BF%D0%BB%D0%B0%D1%82%D1%96%D0%B6%D0%BD%D0%B8%D0%B9_%D0%B4%D0%BE%D0%BA%D1%83%D0%BC%D0%B5%D0%BD%D1%82.zip?response-content-disposition=attachment%3B%20filename%3D%22%25D0%2595%25D0%25BB%25D0%25B5%25D0%25BA%25D1%2582%25D1%2580%25D0%25BE%25D0%25BD%25D0%25BD%25D0%25B8%25D0%25B9_%25D0%25BF%25D0%25BB%25D0%25B0%25D1%2582%25D1%2596%25D0%25B6%25D0%25BD%25D0%25B8%25D0%25B9_%25D0%25B4%25D0%25BE%25D0%25BA%25D1%2583%25D0%25BC%25D0%25B5%25D0%25BD%25D1%2582.zip%22&AWSAccessKeyId=ASIA6KOSE3BNMAKPA4TP&Signature=B7Nleos7sWvhCwqMlzaswjwFDkU%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEA4aCXVzLWVhc3QtMSJHMEUCIQD0F3OG5MFPp%2FRz3%2BBM673xXTvAt7LQQicY8TgFNgqSmgIgCiu3EYOa4naJXBAA22stgtP7IELvFo37Ku6ks7ZvHycqsAII1%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDJpD9StVnxfN%2BRjYNyqEAv6XeJTkzaQnhwypwOBaylObo41xoVvm3UEwX2Onit61mJ%2F [TRUNCATED]
                                                                Expires: Mon, 23 Dec 2024 14:09:26 GMT
                                                                Cache-Control: max-age=0, no-cache, no-store, must-revalidate, private
                                                                X-Used-Mesh: False
                                                                Vary: Accept-Language, Origin
                                                                Content-Language: en
                                                                X-View-Name: bitbucket.apps.downloads.views.download_file
                                                                X-Dc-Location: Micros-3
                                                                X-Served-By: d9bfadc713c0
                                                                X-Version: c9b3998323c0
                                                                X-Static-Version: c9b3998323c0
                                                                X-Request-Count: 738
                                                                X-Render-Time: 0.062294721603393555
                                                                X-B3-Traceid: 714f6b00cbfd4856bac31c0d7c57cb30
                                                                X-B3-Spanid: 85ded1fa0ff38ef5
                                                                X-Frame-Options: SAMEORIGIN
                                                                Content-Security-Policy: frame-ancestors 'self' start.atlassian.com start.stg.atlassian.com atlaskit.atlassian.com bitbucket.org; style-src 'self' 'unsafe-inline' https://aui-cdn.atlassian.com/ https://cdn.cookielaw.org/ https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.net https://bbc-frontbucket-static.prod-east.frontend.public.atl-paas.net https://bbc-frontbucket-canary.prod-east.frontend.public.atl-paas.net https://bbc-frontbucket-exp.prod-east.frontend.public.atl-paas.net https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/ https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/ https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/; connect-src bitbucket.org *.bitbucket.org bb-inf.net *.bb-inf.net atlassianblog.wpuser.com id.atlassian.com api.atlassian.com api.stg.atlassian.com wss://bitbucketci-ws-service.services.atlassian.com/ wss://bitbucketci-ws-service.stg.services.atlassian.com/ wss://bitbucketci-ws-service.dev.se [TRUNCATED]
                                                                X-Usage-Quota-Remaining: 998950.782
                                                                X-Usage-Request-Cost: 1067.33
                                                                X-Usage-User-Time: 0.032020
                                                                X-Usage-System-Time: 0.000000
                                                                X-Usage-Input-Ops: 0
                                                                X-Usage-Output-Ops: 0
                                                                Age: 0
                                                                X-Cache: MISS
                                                                X-Content-Type-Options: nosniff
                                                                X-Xss-Protection: 1; mode=block
                                                                Atl-Traceid: 714f6b00cbfd4856bac31c0d7c57cb30
                                                                Atl-Request-Id: 714f6b00-cbfd-4856-bac3-1c0d7c57cb30
                                                                Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                                                Report-To: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
                                                                Nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
                                                                Server-Timing: atl-edge;dur=174,atl-edge-internal;dur=4,atl-edge-upstream;dur=171,atl-edge-pop;desc="aws-eu-central-1"
                                                                Connection: close


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                4 | 192.168.2.6 | 49801 | 3.5.29.153 | 443 | 7924 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2024-12-23 14:09:28 UTC2232OUTGET /ff9a4495-017e-4384-93b3-e2935568b751/downloads/8b125713-9bba-415c-9efb-667961c70fc5/%D0%95%D0%BB%D0%B5%D0%BA%D1%82%D1%80%D0%BE%D0%BD%D0%BD%D0%B8%D0%B9_%D0%BF%D0%BB%D0%B0%D1%82%D1%96%D0%B6%D0%BD%D0%B8%D0%B9_%D0%B4%D0%BE%D0%BA%D1%83%D0%BC%D0%B5%D0%BD%D1%82.zip?response-content-disposition=attachment%3B%20filename%3D%22%25D0%2595%25D0%25BB%25D0%25B5%25D0%25BA%25D1%2582%25D1%2580%25D0%25BE%25D0%25BD%25D0%25BD%25D0%25B8%25D0%25B9_%25D0%25BF%25D0%25BB%25D0%25B0%25D1%2582%25D1%2596%25D0%25B6%25D0%25BD%25D0%25B8%25D0%25B9_%25D0%25B4%25D0%25BE%25D0%25BA%25D1%2583%25D0%25BC%25D0%25B5%25D0%25BD%25D1%2582.zip%22&AWSAccessKeyId=ASIA6KOSE3BNMAKPA4TP&Signature=B7Nleos7sWvhCwqMlzaswjwFDkU%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEA4aCXVzLWVhc3QtMSJHMEUCIQD0F3OG5MFPp%2FRz3%2BBM673xXTvAt7LQQicY8TgFNgqSmgIgCiu3EYOa4naJXBAA22stgtP7IELvFo37Ku6ks7ZvHycqsAII1%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDJpD9StVnxfN%2BRjYNyqEAv6XeJTkzaQnhwypwOBaylObo41xoVvm3UEwX2Onit61mJ%2FX8htz6800tBoyVBWFPu8QnNXsGzXUTKxPGrseT4r%2BS [TRUNCATED]
                                                                Host: bbuseruploads.s3.amazonaws.com
                                                                Connection: keep-alive
                                                                Upgrade-Insecure-Requests: 1
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                Sec-Fetch-Site: none
                                                                Sec-Fetch-Mode: navigate
                                                                Sec-Fetch-User: ?1
                                                                Sec-Fetch-Dest: document
                                                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                sec-ch-ua-mobile: ?0
                                                                sec-ch-ua-platform: "Windows"
                                                                Accept-Encoding: gzip, deflate, br
                                                                Accept-Language: en-US,en;q=0.9
                                                                2024-12-23 14:09:29 UTC | 738 | IN | HTTP/1.1 200 OK
                                                                x-amz-id-2: qhjrH1AwxQod5AJdW08wShrPM9BJTh02MzNLNuS4yRbKwjyTxFhptCtt3CPBeQO/RNw3Xjr/mKo0tX7iCk4htBHdPf0MhcObwHd9toKHYJY=
                                                                x-amz-request-id: 9BTKB029Z3HMBB4M
                                                                Date: Mon, 23 Dec 2024 14:09:30 GMT
                                                                Last-Modified: Mon, 23 Dec 2024 00:41:20 GMT
                                                                ETag: "a7d1fdf448b0c018b4659596ab31f1b4"
                                                                x-amz-server-side-encryption: AES256
                                                                x-amz-version-id: AcZD5fjXE9Ui8SwdXLfkFra6M2TbMcO5
                                                                Content-Disposition: attachment; filename="%D0%95%D0%BB%D0%B5%D0%BA%D1%82%D1%80%D0%BE%D0%BD%D0%BD%D0%B8%D0%B9_%D0%BF%D0%BB%D0%B0%D1%82%D1%96%D0%B6%D0%BD%D0%B8%D0%B9_%D0%B4%D0%BE%D0%BA%D1%83%D0%BC%D0%B5%D0%BD%D1%82.zip"
                                                                Accept-Ranges: bytes
                                                                Content-Type: application/x-zip-compressed
                                                                Content-Length: 72888
                                                                Server: AmazonS3
                                                                Connection: close


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                5 | 192.168.2.6 | 49806 | 150.171.27.10 | 443
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2024-12-23 14:09:29 UTC | 346 | OUT | GET /th?id=OADD2.10239363862712_1Y28E27W0AUV6JWOD&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1
                                                                Accept: */*
                                                                Accept-Encoding: gzip, deflate, br
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                Host: tse1.mm.bing.net
                                                                Connection: Keep-Alive
                                                                2024-12-23 14:09:30 UTC | 854 | IN | HTTP/1.1 200 OK
                                                                Cache-Control: public, max-age=2592000
                                                                Content-Length: 416666
                                                                Content-Type: image/jpeg
                                                                X-Cache: TCP_HIT
                                                                Access-Control-Allow-Origin: *
                                                                Access-Control-Allow-Headers: *
                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                Timing-Allow-Origin: *
                                                                Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                                NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                X-MSEdge-Ref: Ref A: BDF31528C24547FA9D50672BB96728A8 Ref B: EWR30EDGE0212 Ref C: 2024-12-23T14:09:29Z
                                                                Date: Mon, 23 Dec 2024 14:09:28 GMT
                                                                Connection: close


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                6 | 192.168.2.6 | 49807 | 150.171.27.10 | 443
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2024-12-23 14:09:29 UTC | 375 | OUT | GET /th?id=OADD2.10239363862713_1RWXDD5HJIZYGFTRH&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1
                                                                Accept: */*
                                                                Accept-Encoding: gzip, deflate, br
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                Host: tse1.mm.bing.net
                                                                Connection: Keep-Alive
                                                                2024-12-23 14:09:30 UTC | 856 | IN | HTTP/1.1 200 OK
                                                                Cache-Control: public, max-age=2592000
                                                                Content-Length: 432769
                                                                Content-Type: image/jpeg
                                                                X-Cache: TCP_HIT
                                                                Access-Control-Allow-Origin: *
                                                                Access-Control-Allow-Headers: *
                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                Timing-Allow-Origin: *
                                                                Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                                NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                X-MSEdge-Ref: Ref A: 856D091819CC42C1B120E11BF778AA75 Ref B: EWR311000105009 Ref C: 2024-12-23T14:09:29Z
                                                                Date: Mon, 23 Dec 2024 14:09:29 GMT
                                                                Connection: close


                                                                Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                                7           192.168.2.6  49808        150.171.27.10   443
                                                                Timestamp  Bytes transferred  Direction  Data
                                                                2024-12-23 14:09:29 UTC  346  OUT  GET /th?id=OADD2.10239402415503_1IET5OVL073FDA0RX&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1
                                                                Accept: */*
                                                                Accept-Encoding: gzip, deflate, br
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                Host: tse1.mm.bing.net
                                                                Connection: Keep-Alive
                                                                2024-12-23 14:09:30 UTC  856  IN  HTTP/1.1 200 OK
                                                                Cache-Control: public, max-age=2592000
                                                                Content-Length: 352481
                                                                Content-Type: image/jpeg
                                                                X-Cache: TCP_HIT
                                                                Access-Control-Allow-Origin: *
                                                                Access-Control-Allow-Headers: *
                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                Timing-Allow-Origin: *
                                                                Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                                NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                X-MSEdge-Ref: Ref A: 6949B828E3744FFDA8A890F1CD061167 Ref B: EWR311000103017 Ref C: 2024-12-23T14:09:29Z
                                                                Date: Mon, 23 Dec 2024 14:09:29 GMT
                                                                Connection: close


                                                                Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                                8           192.168.2.6  49809        150.171.27.10   443
                                                                Timestamp  Bytes transferred  Direction  Data
                                                                2024-12-23 14:09:29 UTC  375  OUT  GET /th?id=OADD2.10239402415504_17DDWI2WCHUD2N4TB&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1
                                                                Accept: */*
                                                                Accept-Encoding: gzip, deflate, br
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                Host: tse1.mm.bing.net
                                                                Connection: Keep-Alive
                                                                2024-12-23 14:09:30 UTC  856  IN  HTTP/1.1 200 OK
                                                                Cache-Control: public, max-age=2592000
                                                                Content-Length: 380972
                                                                Content-Type: image/jpeg
                                                                X-Cache: TCP_HIT
                                                                Access-Control-Allow-Origin: *
                                                                Access-Control-Allow-Headers: *
                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                Timing-Allow-Origin: *
                                                                Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                                NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                X-MSEdge-Ref: Ref A: A3EE46FA8C9B440995AD38B407DB47EF Ref B: EWR311000104017 Ref C: 2024-12-23T14:09:30Z
                                                                Date: Mon, 23 Dec 2024 14:09:30 GMT
                                                                Connection: close
                                                                Data Ascii: A[_C,V]5MrKV2_'?F|9iclnl.:JW+oU'yw\ 'o<xtjdL*pz{QMjC}i#_S=ZP/zH$Wm#Ynff88[1r3zk?Gsy7+%S}\.if
                                                                2024-12-23 14:09:30 UTC16069INData Raw: 3f 34 8f 53 95 15 9a df e6 fb ab 9a 4f 20 9f e1 db 56 b9 3d 29 af bc 2b 63 ad 1c cc 5c a9 11 c7 94 f9 b6 ee a7 a3 87 6e 29 98 91 97 8a 96 d9 47 fc b4 5e 68 64 eb 72 68 c2 f5 dd c7 f7 76 d2 f2 ab c2 b3 7f 77 f8 69 18 a8 6f 91 59 b6 ff 00 76 9b 23 b2 fd f5 e2 b3 b5 cd 51 13 c2 26 ea cb 85 a7 5b 84 45 c0 5d c7 fb d4 bb dc 6d fd d5 4b 1c bb ba d5 5d d8 56 57 b8 d8 e6 d8 d9 29 26 3f ba d8 a9 d2 74 6e 4f ca 3f dd a4 52 0f 55 e6 9c d1 a6 dc 05 e3 fd ea 87 63 44 a4 85 59 62 2b c7 dd a6 6f 5d dc 2b 31 a8 a6 01 55 bf 84 7f bd 50 34 8a 3a 35 35 1b 8a 55 1a 26 92 e8 af fb 27 fd ed d5 5a 4b 89 37 73 f3 7f c0 69 ac 41 5c 96 5c d5 79 1d c2 ec 33 ad 6b 18 a3 39 56 d4 9a 4b 96 46 c9 6e 3f da aa 72 90 78 45 e2 91 c9 ee ca d5 52 69 11 59 81 6a da 30 b9 8c b1 0a da b1 f7 0e
                                                                Data Ascii: ?4SO V=)+c\n)G^hdrhvwioYv#Q&[E]mK]VW)&?tnO?RUcDYb+o]+1UP4:55U&'ZK7siA\\y3k9VKFn?rxERiYj0
                                                                2024-12-23 14:09:30 UTC16384INData Raw: 6d eb ff 00 8f 53 e5 8a 0f 6b 53 b8 47 79 7a ad f2 ca ac 3f ba d5 61 6f 67 7f be df f8 f5 52 45 b7 55 f9 3f a5 49 19 4d d8 1b b6 fe 14 38 c3 b0 2a f5 7f 98 b4 97 53 06 e7 a7 f0 d4 df da 97 01 b6 47 3a af fc 0a aa 66 22 b8 3f 29 a6 ac 69 f7 c4 aa c7 fb b5 3e ce 0f 74 52 c4 56 5b 48 92 f2 f6 e4 6e 7f b4 f3 fd ef bd 55 97 54 bd 66 c1 9f 77 fe cd 53 0d bf c6 ab 27 fb b9 a4 62 07 dd 89 7f ef 9a 6a 30 5d 06 f1 15 bf 9d 92 c7 a8 5d f4 32 d4 8b 77 74 39 13 b5 54 20 b7 25 78 ff 00 66 8f bc d9 fb b4 b9 21 d8 bf ac 56 fe 66 5d fb 75 c8 5c 79 ed 8a 6c b7 13 6d e6 76 ff 00 be aa bb 1d ab 83 ff 00 a1 52 7c ff 00 29 1b 73 47 24 7b 07 d6 2a b5 f1 32 78 66 b8 0c cf e6 f0 bf ec d2 b5 ec e7 8f 36 a2 65 1d 5e 55 ff 00 76 9d 1e c1 fc 34 72 c7 b0 bd bd 65 f6 87 ac f2 ed e6 76
                                                                Data Ascii: mSkSGyz?aogREU?IM8*SG:f"?)i>tRV[HnUTfwS'bj0]]2wt9T %xf!Vf]u\ylmvR|)sG${*2xf6e^Uv4rev
                                                                2024-12-23 14:09:30 UTC16384INData Raw: a0 ea b4 8d 1c 67 fe 59 6d aa f7 49 b6 a3 e3 bc 01 be f3 2f fe 83 52 2d d6 ee 37 b3 55 63 6e 0f 21 69 56 30 9c fd d6 a1 f2 db 41 ea 58 62 c7 76 1a a0 b9 c8 5c 89 55 a8 90 1d df 7a a3 78 83 b5 4a dc 2f 7e 85 5b 89 df 76 04 aa df ee d3 4b 12 bf 7a ac b4 00 7f 0d 2a db 81 cd 6d cd 14 88 57 b9 4f a7 de 65 a6 3b 7f 71 77 55 c9 2d 03 f1 b7 fe f9 a8 9b 4e ca ff 00 74 55 29 c5 8b 52 ac 2f b5 98 9e ad ce da 9f 74 2d d5 6a 44 d3 9c 74 dc c2 a7 5b 3d bc 6d 6c d2 94 e3 71 59 a4 53 56 da d8 4f 94 d4 d1 c9 20 a9 5a d9 ff 00 b9 4b 0d b1 fe ed 27 24 d0 72 bb 9c 87 f6 8e a0 7a 6e 56 a5 6b cd 43 fe 7a b2 d6 ab d9 c3 fc 57 34 e4 b3 b4 db fe bf fe fa ae ff 00 69 0f e5 38 b9 2a 5f 56 64 3d c5 e3 75 9e 4c d2 a3 5e 1f f9 6f 27 fd f5 5b 69 67 6d b7 fd 7a b7 fc 06 86 b4 b6 0d cc
                                                                Data Ascii: gYmI/R-7Ucn!iV0AXbv\UzxJ/~[vKz*mWOe;qwU-NtU)R/t-jDt[=mlqYSVO ZK'$rznVkCzW4i8*_Vd=uL^o'[igmz


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                9 | 192.168.2.6 | 49822 | 150.171.27.10 | 443
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2024-12-23 14:09:31 UTC | 346 | OUT | GET /th?id=OADD2.10239370639329_16GDTY03HO5SY2UBG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1
                                                                Accept: */*
                                                                Accept-Encoding: gzip, deflate, br
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                Host: tse1.mm.bing.net
                                                                Connection: Keep-Alive
                                                                2024-12-23 14:09:32 UTC | 856 | IN | HTTP/1.1 200 OK
                                                                Cache-Control: public, max-age=2592000
                                                                Content-Length: 770657
                                                                Content-Type: image/jpeg
                                                                X-Cache: TCP_HIT
                                                                Access-Control-Allow-Origin: *
                                                                Access-Control-Allow-Headers: *
                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                Timing-Allow-Origin: *
                                                                Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                                NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                X-MSEdge-Ref: Ref A: C2E756B8120141E4BAEE5BB633B1520D Ref B: EWR311000104031 Ref C: 2024-12-23T14:09:32Z
                                                                Date: Mon, 23 Dec 2024 14:09:32 GMT
                                                                Connection: close


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                10 | 192.168.2.6 | 49829 | 150.171.27.10 | 443
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2024-12-23 14:09:34 UTC | 375 | OUT | GET /th?id=OADD2.10239370639330_1D80T5H13WVAODNQ8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1
                                                                Accept: */*
                                                                Accept-Encoding: gzip, deflate, br
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                Host: tse1.mm.bing.net
                                                                Connection: Keep-Alive
                                                                2024-12-23 14:09:34 UTC | 854 | IN | HTTP/1.1 200 OK
                                                                Cache-Control: public, max-age=2592000
                                                                Content-Length: 835660
                                                                Content-Type: image/jpeg
                                                                X-Cache: TCP_HIT
                                                                Access-Control-Allow-Origin: *
                                                                Access-Control-Allow-Headers: *
                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                Timing-Allow-Origin: *
                                                                Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                                NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                X-MSEdge-Ref: Ref A: EE1BCB6FB9E844E591805887C4C1E615 Ref B: EWR30EDGE0917 Ref C: 2024-12-23T14:09:34Z
                                                                Date: Mon, 23 Dec 2024 14:09:33 GMT
                                                                Connection: close


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                11 | 192.168.2.6 | 49833 | 150.171.27.10 | 443
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2024-12-23 14:09:34 UTC | 375 | OUT | GET /th?id=OADD2.10239400773892_17T1CPYGPHYYUMXH6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1
                                                                Accept: */*
                                                                Accept-Encoding: gzip, deflate, br
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                Host: tse1.mm.bing.net
                                                                Connection: Keep-Alive
                                                                2024-12-23 14:09:34 UTC | 854 | IN | HTTP/1.1 200 OK
                                                                Cache-Control: public, max-age=2592000
                                                                Content-Length: 529122
                                                                Content-Type: image/jpeg
                                                                X-Cache: TCP_HIT
                                                                Access-Control-Allow-Origin: *
                                                                Access-Control-Allow-Headers: *
                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                Timing-Allow-Origin: *
                                                                Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                                NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                X-MSEdge-Ref: Ref A: 51727013C31248E8A238188B1F902BE0 Ref B: EWR30EDGE0720 Ref C: 2024-12-23T14:09:34Z
                                                                Date: Mon, 23 Dec 2024 14:09:34 GMT
                                                                Connection: close


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                12 | 192.168.2.6 | 49834 | 150.171.27.10 | 443 | |
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2024-12-23 14:09:34 UTC | 346 | OUT | GET /th?id=OADD2.10239400773891_1XKX8280IWZU58KM4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1
                                                                Accept: */*
                                                                Accept-Encoding: gzip, deflate, br
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                Host: tse1.mm.bing.net
                                                                Connection: Keep-Alive
                                                                2024-12-23 14:09:34 UTC | 856 | IN | HTTP/1.1 200 OK
                                                                Cache-Control: public, max-age=2592000
                                                                Content-Length: 387786
                                                                Content-Type: image/jpeg
                                                                X-Cache: TCP_HIT
                                                                Access-Control-Allow-Origin: *
                                                                Access-Control-Allow-Headers: *
                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                Timing-Allow-Origin: *
                                                                Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                                NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                X-MSEdge-Ref: Ref A: E766AE930EA044A299A8386C46843B19 Ref B: EWR311000108017 Ref C: 2024-12-23T14:09:34Z
                                                                Date: Mon, 23 Dec 2024 14:09:34 GMT
                                                                Connection: close


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                13 | 192.168.2.6 | 49835 | 150.171.27.10 | 443 | |
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2024-12-23 14:09:34 UTC | 346 | OUT | GET /th?id=OADD2.10239402415510_1LQQ8WSBAXW97X0WT&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1
                                                                Accept: */*
                                                                Accept-Encoding: gzip, deflate, br
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                Host: tse1.mm.bing.net
                                                                Connection: Keep-Alive
                                                                2024-12-23 14:09:34 UTC | 854 | IN | HTTP/1.1 200 OK
                                                                Cache-Control: public, max-age=2592000
                                                                Content-Length: 606841
                                                                Content-Type: image/jpeg
                                                                X-Cache: TCP_HIT
                                                                Access-Control-Allow-Origin: *
                                                                Access-Control-Allow-Headers: *
                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                Timing-Allow-Origin: *
                                                                Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                                NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                X-MSEdge-Ref: Ref A: 50A62060A06042559B4F0887E46B2AD7 Ref B: EWR30EDGE0209 Ref C: 2024-12-23T14:09:34Z
                                                                Date: Mon, 23 Dec 2024 14:09:33 GMT
                                                                Connection: close
                                                                Data Ascii: s~Mkhz_=cZZ4^k"gVNfy.+6^w{o\\hTX+~D.Vxjjj2Sox|O/_ZM^^kmc/OR&0y(rFN\W___n2eyf5[z}[RA!Q&W<-r*95xX4kZ
                                                                2024-12-23 14:09:35 UTC16384INData Raw: 00 5a c2 f8 99 e3 1d 7b c6 5a e5 c6 a1 79 3e eb 58 bc b5 b7 87 fe 59 59 46 8b 1a 2f 94 3f 83 ee 0e 95 d9 fe ce 3a fe 99 3f 8c 6c 6f 35 4f b0 c5 67 a6 dc 34 ff 00 68 d8 bb 52 f5 d4 ed 9d c3 e4 3a 22 ae d0 3b 3b e7 15 9d 47 b3 2a 25 8f 04 d8 6b da 36 87 ab 6b 4b e1 3b 58 ac 74 6b 7b 48 35 48 66 dd 3b 79 85 9e 48 fc fd 9c 29 63 b7 70 6f ba 76 66 ad fe cf 37 fa aa 7c 7e f0 f7 97 ab 5f 4b 0d 9e a9 77 63 7d 69 6f 62 db 6d a3 9a 43 23 db a3 7f 1a be 33 b7 ad 74 6d f1 27 57 4f 18 f8 d3 c2 be 15 92 0b ad 3f c5 5a b3 4f 7d fd a9 a7 2f 9a f1 fd 95 17 cd 6f e1 5f bb bb f5 ac 1f 82 3e 34 f1 8d 94 76 3a 7e 8f a9 58 c5 f6 af 12 5c cf 2c d6 f6 b1 b4 b7 2a 8a 9b a5 97 78 fb a3 cb 5d 9f 8d 73 4e 71 85 da d8 b5 76 7b 17 8c 3e 20 ea fa cd c6 93 e0 f8 52 ee de de ce e2 75 9b
                                                                Data Ascii: Z{Zy>XYYF/?:?lo5Og4hR:";;G*%k6kK;Xtk{H5Hf;yH)cpovf7|~_Kwc}iobmC#3tm'WO?ZO}/o_>4v:~X\,*x]sNqv{> Ru
                                                                2024-12-23 14:09:35 UTC16384INData Raw: a3 65 47 f3 6e 23 93 6e df ef d6 a5 bf 8a 96 29 fc c8 e3 85 3f 85 11 e0 5d bf 9a 9c d2 b7 8a 9c 24 3f e8 96 bf 2f df f9 3e ff 00 f9 ed 51 cd 3e 91 36 f6 54 15 af 53 f0 ff 00 82 43 f6 b8 1f ef 79 6b ff 00 6f 52 7d df ce 92 49 60 3b 1a 3f 2f e6 f9 7f d7 49 57 1b c4 b6 6f 32 37 d8 7c a5 fe 3d 90 46 db ff 00 95 36 3f 10 d9 b4 08 d2 69 b1 f9 8b bb 63 a2 2a ab fe 1d b1 52 b9 bf 94 d6 51 a5 ff 00 3f 57 fe 02 55 86 ef 64 ff 00 bb 82 05 db bb e7 47 6f 9f fe fa a5 86 fe fb c8 da b2 6d 8d bf d8 5d bb aa c2 eb b6 9f 77 ec 91 f9 7b 3e 7f e1 f9 8f f7 46 29 bf db 16 d6 f2 3f 93 06 e6 97 6f df 7d bd 3f e0 34 3d 7e c8 a2 e0 ad 6a bf 71 03 45 7c ff 00 2a cf 6b 13 36 ef 9f e5 fb bf 85 44 b2 df 27 ef 16 48 db 6a 7c 8e 90 7c cf b7 b8 3f d6 b4 57 c4 1a 52 4e eb 35 a7 cc ce bf
                                                                Data Ascii: eGn#n)?]$?/>Q>6TSCykoR}I`;?/IWo27|=F6?ic*RQ?WUdGom]w{>F)?o}?4=~jqE|*k6D'Hj||?WRN5
                                                                2024-12-23 14:09:35 UTC16067INData Raw: 71 df bd 7b 07 c1 5f 8c 9a 56 9b e2 4b bb 1f 11 5f c9 2c 3a 6d a6 dd 3a e2 64 66 9e f5 52 47 e2 65 fe f8 46 e3 a6 76 57 98 6a d3 e8 7f 65 b7 f1 15 9f 97 6b 33 3d c7 da ed 1d db 6d cf ef 36 c7 73 1a b6 4a af 77 4c e7 db 15 dd 91 e1 31 78 69 62 68 d7 5a 4a d6 6b 6d 53 db f5 32 c6 d7 a1 51 53 94 5e ab fe 01 b1 e2 cb 2d 43 c5 1e 3f 87 50 f1 25 df f6 6d 8c 4e b1 69 cf e5 aa fd 8a cb cc db bf f8 46 e3 f3 13 8c fc cd 59 1f 13 a2 d1 5e c5 34 bf 04 c7 f6 cd 2f 4d db b3 51 86 e9 9a ea 65 2c 73 e6 c2 de fd 36 83 f5 aa 7a 09 d3 f5 cd 72 e2 df 56 bb be bc 6b 79 bf e2 5c 9b 19 95 e3 76 3b d9 73 c2 ae ee df 2d 64 78 92 4d 3d f5 27 8f 4d 82 d6 c2 3b 7d cd 6e 93 7e e2 57 5f 69 07 0d 9e d9 f9 ab e9 70 b4 7d 9b 8c 3f 95 2e 9a 1e 6d 49 de ef bf de 47 e1 34 8a d6 ea e2 e2 49
                                                                Data Ascii: q{_VK_,:m:dfRGeFvWjek3=m6sJwL1xibhZJkmS2QS^-C?P%mNiFY^4/MQe,s6zrVky\v;s-dxM='M;}n~W_ip}?.mIG4I
                                                                2024-12-23 14:09:35 UTC16384INData Raw: f5 c4 47 ff 00 89 75 cd be ed c8 fb 8f ee f7 12 fe 50 2b fd ce 3e f5 79 56 9f e1 1b e5 81 b5 29 36 7d 8d 6f 9a d2 54 49 ff 00 e3 da 41 f3 04 73 db 2a 3d f7 6d af 5b 0f 89 a3 52 4e 53 4b 99 5b d7 fa 76 2f 96 4a 2a 29 e8 c9 fe 14 e8 9f 68 d5 61 bc bc f9 59 9e 35 85 11 f6 b2 65 bf 2e 76 e3 fe 05 49 e2 24 8b 49 92 fa 49 2e 3e d0 d1 4d f6 6b 77 74 65 64 cb 6f c7 f7 46 3f 2a df d5 ad 22 f0 f6 8f 69 67 25 dc 9f 6c bf 86 6d ef bf 72 db 30 6c ec 21 b9 e7 80 4d 70 7a c4 ec b1 c3 ba 49 25 87 63 37 ce 9f 7f de bb 69 5e a4 9c d3 d1 9a 4e d0 82 8f 51 2d 4a db fc b7 11 c9 b9 be ff 00 f7 aa e7 85 fe d3 16 b1 6f 37 ee d9 ad 66 56 d8 ff 00 34 4f eb b8 7f 76 a9 68 62 0b 8b e4 6b a9 24 58 7e 6d ef bf ee 7c bc 6d fa 56 97 83 6e 16 0f 1a 58 ea 0d 77 6b 6b e5 4c b2 bb dc 23 4b
                                                                Data Ascii: GuP+>yV)6}oTIAs*=m[RNSK[v/J*)haY5e.vI$II.>MkwtedoF?*"ig%lmr0l!MpzI%c7i^NQ-Jo7fV4Ovhbk$X~m|mVnXwkkL#K
                                                                2024-12-23 14:09:35 UTC16384INData Raw: 2d 5e e2 d7 c5 1a c4 ab 14 cc af 32 5a c7 b5 d4 77 55 eb b7 fd a1 5a 1f f0 cb ff 00 0e ec 3f 7d 7d ab 78 8d 21 fd cf fa e8 3f bf fe ea 1d ab ee 6b 2f ed 1a 36 be bf 71 b7 f6 7d 6b db 4f bc f8 f5 85 cb ff 00 b3 b7 fe f9 a9 14 5e 7f cf 4d b5 f6 0e a9 f0 43 e0 7e 9d 71 bb 56 d6 af a2 86 df 72 cd bf 54 55 95 d5 3f 8b 6e d0 7f 01 5e 5d f1 62 df e0 7e 97 e1 ff 00 b2 f8 7f 4d ba fb 45 e4 2a d1 5d da 6b 0b 7d e4 b0 6f e2 5e 36 e5 7a 8f ca 9c 31 d0 a8 ed 14 c5 3c 0c e0 9b 94 91 e5 5a 0c 6d 3e 95 70 d7 11 ee fb 3c 32 32 7c fb 7f 86 b2 34 f8 da 3f de 37 cd 5b da 85 bb 2d 8c d3 69 3a 4d f2 d9 aa 2f 9d 36 c6 65 dc 57 9f 98 8f 97 f1 ac 95 2a d0 24 71 ff 00 c0 eb a1 6b a9 c6 d5 8b 5f 66 65 81 2f ae 3e 58 d9 f6 c2 8f fc 75 7d a2 8a d2 08 a1 8e 38 25 ba 97 e6 79 be 6f 93
                                                                Data Ascii: -^2ZwUZ?}}x!?k/6q}kO^MC~qVrTU?n^]b~ME*]k}o^6z1<Zm>p<22|4?7[-i:M/6eW*$qk_fe/>Xu}8%yo


                                                                Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                                14          192.168.2.6  49841        150.171.27.10   443
                                                                Timestamp  Bytes transferred  Direction  Data
                                                                2024-12-23 14:09:35 UTC  375  OUT  GET /th?id=OADD2.10239402456886_16PSERWAUMTCB5AWR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1
                                                                Accept: */*
                                                                Accept-Encoding: gzip, deflate, br
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                Host: tse1.mm.bing.net
                                                                Connection: Keep-Alive
                                                                2024-12-23 14:09:36 UTC  856  IN  HTTP/1.1 200 OK
                                                                Cache-Control: public, max-age=2592000
                                                                Content-Length: 700910
                                                                Content-Type: image/jpeg
                                                                X-Cache: TCP_HIT
                                                                Access-Control-Allow-Origin: *
                                                                Access-Control-Allow-Headers: *
                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                Timing-Allow-Origin: *
                                                                Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                                NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                X-MSEdge-Ref: Ref A: A1A8D13A292848A39BAB206088E51132 Ref B: EWR311000107019 Ref C: 2024-12-23T14:09:36Z
                                                                Date: Mon, 23 Dec 2024 14:09:35 GMT
                                                                Connection: close


                                                                Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                                15          192.168.2.6  49848        150.171.27.10   443
                                                                Timestamp  Bytes transferred  Direction  Data
                                                                2024-12-23 14:09:37 UTC  375  OUT  GET /th?id=OADD2.10239370639702_1LY06F7YB2ZF9D3G5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1
                                                                Accept: */*
                                                                Accept-Encoding: gzip, deflate, br
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                Host: tse1.mm.bing.net
                                                                Connection: Keep-Alive
                                                                2024-12-23 14:09:37 UTC  854  IN  HTTP/1.1 200 OK
                                                                Cache-Control: public, max-age=2592000
                                                                Content-Length: 634564
                                                                Content-Type: image/jpeg
                                                                X-Cache: TCP_HIT
                                                                Access-Control-Allow-Origin: *
                                                                Access-Control-Allow-Headers: *
                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                Timing-Allow-Origin: *
                                                                Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                                NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                X-MSEdge-Ref: Ref A: 48F598111E004AFD866774F5271920AF Ref B: EWR30EDGE0816 Ref C: 2024-12-23T14:09:37Z
                                                                Date: Mon, 23 Dec 2024 14:09:37 GMT
                                                                Connection: close


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                16 | 192.168.2.6 | 49849 | 150.171.27.10 | 443 | |
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2024-12-23 14:09:37 UTC | 346 | OUT | GET /th?id=OADD2.10239370639703_1XZVEAKL3PD7EZGL4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1
                                                                Accept: */*
                                                                Accept-Encoding: gzip, deflate, br
                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                Host: tse1.mm.bing.net
                                                                Connection: Keep-Alive
                                                                2024-12-23 14:09:37 UTC | 854 | IN | HTTP/1.1 200 OK
                                                                Cache-Control: public, max-age=2592000
                                                                Content-Length: 637660
                                                                Content-Type: image/jpeg
                                                                X-Cache: TCP_HIT
                                                                Access-Control-Allow-Origin: *
                                                                Access-Control-Allow-Headers: *
                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                Timing-Allow-Origin: *
                                                                Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                                                NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                X-MSEdge-Ref: Ref A: 3250EE16334547E2B52B1CE71FE4E5BE Ref B: EWR30EDGE0114 Ref C: 2024-12-23T14:09:37Z
                                                                Date: Mon, 23 Dec 2024 14:09:37 GMT
                                                                Connection: close


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                17 | 192.168.2.6 | 49916 | 20.198.118.190 | 443
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2024-12-23 14:09:53 UTC | 71 | OUT | CNT 1 CON 305
                                                                MS-CV: pEezEhIwzkeqnl4l.1
                                                                Context: f08c5f474f971898
                                                                2024-12-23 14:09:53 UTC | 249 | OUT | <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                                                2024-12-23 14:09:53 UTC | 1084 | OUT | ATH 2 CON\DEVICE 1061
                                                                MS-CV: pEezEhIwzkeqnl4l.2
                                                                Context: f08c5f474f971898
                                                                <device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAUE3oQreAALzp0uffSc8Hvj2TI+szg8xBqKmUsrqgdzc+gmm3dGH0YK8d0IeJSrWGZE1fKQoUFn4sbpkrb4O/5BeZfFCTDQpg3rVz9VvWyfmfT
                                                                2024-12-23 14:09:53 UTC | 218 | OUT | BND 3 CON\WNS 0 197
                                                                MS-CV: pEezEhIwzkeqnl4l.3
                                                                Context: f08c5f474f971898
                                                                <wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                                                2024-12-23 14:09:54 UTC | 14 | IN | 202 1 CON 58
                                                                2024-12-23 14:09:54 UTC | 58 | IN | MS-CV: qJdphxHG9kq1SQJHWaZh/A.0
                                                                Payload parsing failed.


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                18 | 192.168.2.6 | 50001 | 20.198.118.190 | 443
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2024-12-23 14:10:26 UTC | 71 | OUT | CNT 1 CON 305
                                                                MS-CV: 4+oBZ4HWE02+6so0.1
                                                                Context: c430e44b8a2aff0a
                                                                2024-12-23 14:10:26 UTC | 249 | OUT | <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                                                2024-12-23 14:10:26 UTC | 1084 | OUT | ATH 2 CON\DEVICE 1061
                                                                MS-CV: 4+oBZ4HWE02+6so0.2
                                                                Context: c430e44b8a2aff0a
                                                                <device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAUE3oQreAALzp0uffSc8Hvj2TI+szg8xBqKmUsrqgdzc+gmm3dGH0YK8d0IeJSrWGZE1fKQoUFn4sbpkrb4O/5BeZfFCTDQpg3rVz9VvWyfmfT
                                                                2024-12-23 14:10:26 UTC | 218 | OUT | BND 3 CON\WNS 0 197
                                                                MS-CV: 4+oBZ4HWE02+6so0.3
                                                                Context: c430e44b8a2aff0a
                                                                <wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                                                2024-12-23 14:10:27 UTC | 14 | IN | 202 1 CON 58
                                                                2024-12-23 14:10:27 UTC | 58 | IN | MS-CV: Rb999ozOEEiBdQiGpqD/ww.0
                                                                Payload parsing failed.


                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                19 | 192.168.2.6 | 50082 | 20.198.118.190 | 443
                                                                Timestamp | Bytes transferred | Direction | Data
                                                                2024-12-23 14:11:08 UTC | 71 | OUT | CNT 1 CON 305
                                                                MS-CV: MhVHmbxXr0mNJMY1.1
                                                                Context: 936d2b27a2c540f8
                                                                2024-12-23 14:11:08 UTC | 249 | OUT | <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                                                2024-12-23 14:11:08 UTC | 1084 | OUT | ATH 2 CON\DEVICE 1061
                                                                MS-CV: MhVHmbxXr0mNJMY1.2
                                                                Context: 936d2b27a2c540f8
                                                                <device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAUE3oQreAALzp0uffSc8Hvj2TI+szg8xBqKmUsrqgdzc+gmm3dGH0YK8d0IeJSrWGZE1fKQoUFn4sbpkrb4O/5BeZfFCTDQpg3rVz9VvWyfmfT
                                                                2024-12-23 14:11:08 UTC | 218 | OUT | BND 3 CON\WNS 0 197
                                                                MS-CV: MhVHmbxXr0mNJMY1.3
                                                                Context: 936d2b27a2c540f8
                                                                <wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                                                2024-12-23 14:11:09 UTC | 14 | IN | 202 1 CON 58
                                                                2024-12-23 14:11:09 UTC | 58 | IN | MS-CV: WNDWuMH1/kqkfLCMLI17hg.0
                                                                Payload parsing failed.


                                                                Target ID:0
                                                                Start time:09:08:55
                                                                Start date:23/12/2024
                                                                Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\payment_3493.pdf"
                                                                Imagebase:0x7ff651090000
                                                                File size:5'641'176 bytes
                                                                MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high
                                                                Has exited:true

                                                                Target ID:2
                                                                Start time:09:08:56
                                                                Start date:23/12/2024
                                                                Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                                                                Imagebase:0x7ff70df30000
                                                                File size:3'581'912 bytes
                                                                MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high
                                                                Has exited:true

                                                                Target ID:4
                                                                Start time:09:08:57
                                                                Start date:23/12/2024
                                                                Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2076 --field-trial-handle=1592,i,12156767145807301338,1356997387536762662,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                                                Imagebase:0x7ff70df30000
                                                                File size:3'581'912 bytes
                                                                MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high
                                                                Has exited:true

                                                                Target ID:9
                                                                Start time:09:09:21
                                                                Start date:23/12/2024
                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://bitbucket.org/vchasno/load/downloads/%D0%95%D0%BB%D0%B5%D0%BA%D1%82%D1%80%D0%BE%D0%BD%D0%BD%D0%B8%D0%B9_%D0%BF%D0%BB%D0%B0%D1%82%D1%96%D0%B6%D0%BD%D0%B8%D0%B9_%D0%B4%D0%BE%D0%BA%D1%83%D0%BC%D0%B5%D0%BD%D1%82.zip"
                                                                Imagebase:0x7ff684c40000
                                                                File size:3'242'272 bytes
                                                                MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high
                                                                Has exited:false

                                                                Target ID:10
                                                                Start time:09:09:21
                                                                Start date:23/12/2024
                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=2024,i,7100417688120371546,15284684244205142337,262144 /prefetch:8
                                                                Imagebase:0x7ff684c40000
                                                                File size:3'242'272 bytes
                                                                MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high
                                                                Has exited:false

                                                                Target ID:14
                                                                Start time:09:09:30
                                                                Start date:23/12/2024
                                                                Path:C:\Windows\SysWOW64\unarchiver.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:"C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\???????????_?????????_????????.zip"
                                                                Imagebase:0x690000
                                                                File size:12'800 bytes
                                                                MD5 hash:16FF3CC6CC330A08EED70CBC1D35F5D2
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high
                                                                Has exited:true

                                                                Target ID:15
                                                                Start time:09:09:30
                                                                Start date:23/12/2024
                                                                Path:C:\Windows\SysWOW64\7za.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:"C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\5xa4rbm5.xja" "C:\Users\user\Downloads\???????????_?????????_????????.zip"
                                                                Imagebase:0xf80000
                                                                File size:289'792 bytes
                                                                MD5 hash:77E556CDFDC5C592F5C46DB4127C6F4C
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high
                                                                Has exited:true

                                                                Target ID:16
                                                                Start time:09:09:30
                                                                Start date:23/12/2024
                                                                Path:C:\Windows\System32\conhost.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                Imagebase:0x7ff66e660000
                                                                File size:862'208 bytes
                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high
                                                                Has exited:true

                                                                Target ID:22
                                                                Start time:09:10:33
                                                                Start date:23/12/2024
                                                                Path:C:\Windows\SysWOW64\unarchiver.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:"C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\ _ _ .zip"
                                                                Imagebase:0x790000
                                                                File size:12'800 bytes
                                                                MD5 hash:16FF3CC6CC330A08EED70CBC1D35F5D2
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high
                                                                Has exited:false

                                                                Target ID:23
                                                                Start time:09:10:33
                                                                Start date:23/12/2024
                                                                Path:C:\Windows\SysWOW64\7za.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:"C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\i4oysygl.ccy" "C:\Users\user\Downloads\ _ _ .zip"
                                                                Imagebase:0xf80000
                                                                File size:289'792 bytes
                                                                MD5 hash:77E556CDFDC5C592F5C46DB4127C6F4C
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high
                                                                Has exited:true

                                                                Target ID:24
                                                                Start time:09:10:34
                                                                Start date:23/12/2024
                                                                Path:C:\Windows\System32\conhost.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                Imagebase:0x7ff66e660000
                                                                File size:862'208 bytes
                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high
                                                                Has exited:true

                                                                Target ID:28
                                                                Start time:09:11:37
                                                                Start date:23/12/2024
                                                                Path:C:\Windows\SysWOW64\unarchiver.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:"C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\ _ _ .zip"
                                                                Imagebase:0x960000
                                                                File size:12'800 bytes
                                                                MD5 hash:16FF3CC6CC330A08EED70CBC1D35F5D2
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Has exited:false

                                                                Target ID:29
                                                                Start time:09:11:37
                                                                Start date:23/12/2024
                                                                Path:C:\Windows\SysWOW64\7za.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:"C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\f03mjjhp.rbo" "C:\Users\user\Downloads\ _ _ .zip"
                                                                Imagebase:0xf80000
                                                                File size:289'792 bytes
                                                                MD5 hash:77E556CDFDC5C592F5C46DB4127C6F4C
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Has exited:true

                                                                Target ID:30
                                                                Start time:09:11:37
                                                                Start date:23/12/2024
                                                                Path:C:\Windows\System32\conhost.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                Imagebase:0x7ff66e660000
                                                                File size:862'208 bytes
                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Has exited:true


                                                                  Execution Graph

                                                                  Execution Coverage:20.8%
                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                  Signature Coverage:5.5%
                                                                  Total number of Nodes:73
                                                                  Total number of Limit Nodes:4

                                                                  Callgraph

                                                                  APIs
                                                                  • GetSystemInfo.KERNELBASE(?), ref: 00F8B208
                                                                  Memory Dump Source
                                                                  • Source File: 0000000E.00000002.2528725948.0000000000F8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F8A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_14_2_f8a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: InfoSystem
                                                                  • String ID:
                                                                  • API String ID: 31276548-0
                                                                  • Opcode ID: 8285e302eeab237830f94fd395c09e530e7025c575b593f4b7198c16e2f599a8
                                                                  • Instruction ID: 3e03ce1779fd7bbd4a823f82b124f0072e6afe6cdf692e110bf742cd732f28e6
                                                                  • Opcode Fuzzy Hash: 8285e302eeab237830f94fd395c09e530e7025c575b593f4b7198c16e2f599a8
                                                                  • Instruction Fuzzy Hash: 8C01D1718002409FEB10DF15E8857A9FBE8EF04330F18C4AADD489F262D379A804DBA2

                                                                  Control-flow Graph

                                                                  control_flow_graph 0 f8b246-f8b2eb 5 f8b2ed-f8b2f5 DuplicateHandle 0->5 6 f8b343-f8b348 0->6 8 f8b2fb-f8b30d 5->8 6->5 9 f8b34a-f8b34f 8->9 10 f8b30f-f8b340 8->10 9->10
                                                                  APIs
                                                                  • DuplicateHandle.KERNELBASE(?,00000E24), ref: 00F8B2F3
                                                                  Memory Dump Source
                                                                  • Source File: 0000000E.00000002.2528725948.0000000000F8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F8A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_14_2_f8a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: DuplicateHandle
                                                                  • String ID:
                                                                  • API String ID: 3793708945-0
                                                                  • Opcode ID: 1d978a41bcaf7b99d885d09e67f54c171250e862cc795489d78a1c1481ca08b6
                                                                  • Instruction ID: 19f032849e6582677374330401ff488eabb7cbdeab8708af0fe70360c7532da3
                                                                  • Opcode Fuzzy Hash: 1d978a41bcaf7b99d885d09e67f54c171250e862cc795489d78a1c1481ca08b6
                                                                  • Instruction Fuzzy Hash: 6631C4B2404344AFEB228B21DC45FA6BFFCEF05724F04849AF985CB162D324A909DB71

                                                                  Control-flow Graph

                                                                  control_flow_graph 14 f8ad04-f8ad9f 19 f8ada1-f8ada9 DuplicateHandle 14->19 20 f8adf7-f8adfc 14->20 21 f8adaf-f8adc1 19->21 20->19 23 f8adfe-f8ae03 21->23 24 f8adc3-f8adf4 21->24 23->24
                                                                  APIs
                                                                  • DuplicateHandle.KERNELBASE(?,00000E24), ref: 00F8ADA7
                                                                  Memory Dump Source
                                                                  • Source File: 0000000E.00000002.2528725948.0000000000F8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F8A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_14_2_f8a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: DuplicateHandle
                                                                  • String ID:
                                                                  • API String ID: 3793708945-0
                                                                  • Opcode ID: 82eea36f307b6101d58df3b48d1732fe77d162d8fe6a6110cf72f39ed27a0134
                                                                  • Instruction ID: d52ee2d6038508ef790b55673a7d4973097681887b58dc4e498d3ce243378eaa
                                                                  • Opcode Fuzzy Hash: 82eea36f307b6101d58df3b48d1732fe77d162d8fe6a6110cf72f39ed27a0134
                                                                  • Instruction Fuzzy Hash: A031C1B2404344AFEB228B20DC45FA7BFECEF05224F04489AF985DB162D224A919DB71

                                                                  Control-flow Graph

                                                                  control_flow_graph 28 f8ab76-f8ac67 CreatePipe
                                                                  APIs
                                                                  • CreatePipe.KERNELBASE(?,00000E24,?,?), ref: 00F8AC36
                                                                  Memory Dump Source
                                                                  • Source File: 0000000E.00000002.2528725948.0000000000F8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F8A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_14_2_f8a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: CreatePipe
                                                                  • String ID:
                                                                  • API String ID: 2719314638-0
                                                                  • Opcode ID: 6ef8da1ec5a1d2152ae33601ee422e578bca06aedba3667e6401c41c78e4ca03
                                                                  • Instruction ID: bd7fd16a0109eacdedf23a97048d14f6c91be92c5508cbe2bca5c0997da721ea
                                                                  • Opcode Fuzzy Hash: 6ef8da1ec5a1d2152ae33601ee422e578bca06aedba3667e6401c41c78e4ca03
                                                                  • Instruction Fuzzy Hash: AC316C7250E3C06FD3038B718C65A66BFB4AF47610F1A84CBD8C4DF1A3D669A919C762

                                                                  Control-flow Graph

                                                                  control_flow_graph 33 f8a5dc-f8a656 37 f8a658 33->37 38 f8a65b-f8a667 33->38 37->38 39 f8a669 38->39 40 f8a66c-f8a675 38->40 39->40 41 f8a6c6-f8a6cb 40->41 42 f8a677-f8a69b CreateFileW 40->42 41->42 45 f8a6cd-f8a6d2 42->45 46 f8a69d-f8a6c3 42->46 45->46
                                                                  APIs
                                                                  • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 00F8A67D
                                                                  Memory Dump Source
                                                                  • Source File: 0000000E.00000002.2528725948.0000000000F8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F8A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_14_2_f8a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: CreateFile
                                                                  • String ID:
                                                                  • API String ID: 823142352-0

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 49 f8a120-f8a1f3 FindNextFileW
                                                                  APIs
                                                                  • FindNextFileW.KERNELBASE(?,00000E24,?,?), ref: 00F8A1C2
                                                                  Memory Dump Source
                                                                  • Source File: 0000000E.00000002.2528725948.0000000000F8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F8A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_14_2_f8a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: FileFindNext
                                                                  • String ID:
                                                                  • API String ID: 2029273394-0

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 55 f8a370-f8a3cf 58 f8a3d1 55->58 59 f8a3d4-f8a3dd 55->59 58->59 60 f8a3df 59->60 61 f8a3e2-f8a3e8 59->61 60->61 62 f8a3ea 61->62 63 f8a3ed-f8a404 61->63 62->63 65 f8a43b-f8a440 63->65 66 f8a406-f8a419 RegQueryValueExW 63->66 65->66 67 f8a41b-f8a438 66->67 68 f8a442-f8a447 66->68 68->67
                                                                  APIs
                                                                  • RegQueryValueExW.KERNELBASE(?,00000E24,03547959,00000000,00000000,00000000,00000000), ref: 00F8A40C
                                                                  Memory Dump Source
                                                                  • Source File: 0000000E.00000002.2528725948.0000000000F8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F8A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_14_2_f8a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: QueryValue
                                                                  • String ID:
                                                                  • API String ID: 3660427363-0

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 85 f8b276-f8b2eb 89 f8b2ed-f8b2f5 DuplicateHandle 85->89 90 f8b343-f8b348 85->90 92 f8b2fb-f8b30d 89->92 90->89 93 f8b34a-f8b34f 92->93 94 f8b30f-f8b340 92->94 93->94
                                                                  APIs
                                                                  • DuplicateHandle.KERNELBASE(?,00000E24), ref: 00F8B2F3
                                                                  Memory Dump Source
                                                                  • Source File: 0000000E.00000002.2528725948.0000000000F8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F8A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_14_2_f8a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: DuplicateHandle
                                                                  • String ID:
                                                                  • API String ID: 3793708945-0

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 72 f8ad2a-f8ad9f 76 f8ada1-f8ada9 DuplicateHandle 72->76 77 f8adf7-f8adfc 72->77 78 f8adaf-f8adc1 76->78 77->76 80 f8adfe-f8ae03 78->80 81 f8adc3-f8adf4 78->81 80->81
                                                                  APIs
                                                                  • DuplicateHandle.KERNELBASE(?,00000E24), ref: 00F8ADA7
                                                                  Memory Dump Source
                                                                  • Source File: 0000000E.00000002.2528725948.0000000000F8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F8A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_14_2_f8a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: DuplicateHandle
                                                                  • String ID:
                                                                  • API String ID: 3793708945-0

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 98 f8a850-f8a8d6 102 f8a8d8-f8a8f8 SetFilePointer 98->102 103 f8a91a-f8a91f 98->103 106 f8a8fa-f8a917 102->106 107 f8a921-f8a926 102->107 103->102 107->106
                                                                  APIs
                                                                  • SetFilePointer.KERNELBASE(?,00000E24,03547959,00000000,00000000,00000000,00000000), ref: 00F8A8DE
                                                                  Memory Dump Source
                                                                  • Source File: 0000000E.00000002.2528725948.0000000000F8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F8A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_14_2_f8a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: FilePointer
                                                                  • String ID:
                                                                  • API String ID: 973152223-0

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 110 f8a933-f8a9b9 114 f8a9bb-f8a9db WriteFile 110->114 115 f8a9fd-f8aa02 110->115 118 f8a9dd-f8a9fa 114->118 119 f8aa04-f8aa09 114->119 115->114 119->118
                                                                  APIs
                                                                  • WriteFile.KERNELBASE(?,00000E24,03547959,00000000,00000000,00000000,00000000), ref: 00F8A9C1
                                                                  Memory Dump Source
                                                                  • Source File: 0000000E.00000002.2528725948.0000000000F8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F8A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_14_2_f8a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: FileWrite
                                                                  • String ID:
                                                                  • API String ID: 3934441357-0

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 122 f8a5fe-f8a656 125 f8a658 122->125 126 f8a65b-f8a667 122->126 125->126 127 f8a669 126->127 128 f8a66c-f8a675 126->128 127->128 129 f8a6c6-f8a6cb 128->129 130 f8a677-f8a67f CreateFileW 128->130 129->130 132 f8a685-f8a69b 130->132 133 f8a6cd-f8a6d2 132->133 134 f8a69d-f8a6c3 132->134 133->134
                                                                  APIs
                                                                  • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 00F8A67D
                                                                  Memory Dump Source
                                                                  • Source File: 0000000E.00000002.2528725948.0000000000F8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F8A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_14_2_f8a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: CreateFile
                                                                  • String ID:
                                                                  • API String ID: 823142352-0

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 137 f8a78f-f8a80d 141 f8a80f-f8a822 GetFileType 137->141 142 f8a842-f8a847 137->142 143 f8a849-f8a84e 141->143 144 f8a824-f8a841 141->144 142->141 143->144
                                                                  APIs
                                                                  • GetFileType.KERNELBASE(?,00000E24,03547959,00000000,00000000,00000000,00000000), ref: 00F8A815
                                                                  Memory Dump Source
                                                                  • Source File: 0000000E.00000002.2528725948.0000000000F8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F8A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_14_2_f8a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: FileType
                                                                  • String ID:
                                                                  • API String ID: 3081899298-0

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 148 f8aa0b-f8aa6a 150 f8aa6c 148->150 151 f8aa6f-f8aa75 148->151 150->151 152 f8aa7a-f8aa83 151->152 153 f8aa77 151->153 154 f8aac4-f8aac9 152->154 155 f8aa85-f8aaa5 CreateDirectoryW 152->155 153->152 154->155 158 f8aacb-f8aad0 155->158 159 f8aaa7-f8aac3 155->159 158->159
                                                                  APIs
                                                                  • CreateDirectoryW.KERNELBASE(?,?), ref: 00F8AA8B
                                                                  Memory Dump Source
                                                                  • Source File: 0000000E.00000002.2528725948.0000000000F8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F8A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_14_2_f8a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: CreateDirectory
                                                                  • String ID:
                                                                  • API String ID: 4241100979-0

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 161 f8a392-f8a3cf 163 f8a3d1 161->163 164 f8a3d4-f8a3dd 161->164 163->164 165 f8a3df 164->165 166 f8a3e2-f8a3e8 164->166 165->166 167 f8a3ea 166->167 168 f8a3ed-f8a404 166->168 167->168 170 f8a43b-f8a440 168->170 171 f8a406-f8a419 RegQueryValueExW 168->171 170->171 172 f8a41b-f8a438 171->172 173 f8a442-f8a447 171->173 173->172
                                                                  APIs
                                                                  • RegQueryValueExW.KERNELBASE(?,00000E24,03547959,00000000,00000000,00000000,00000000), ref: 00F8A40C
                                                                  Memory Dump Source
                                                                  • Source File: 0000000E.00000002.2528725948.0000000000F8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F8A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_14_2_f8a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: QueryValue
                                                                  • String ID:
                                                                  • API String ID: 3660427363-0

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 177 f8a962-f8a9b9 180 f8a9bb-f8a9c3 WriteFile 177->180 181 f8a9fd-f8aa02 177->181 183 f8a9c9-f8a9db 180->183 181->180 184 f8a9dd-f8a9fa 183->184 185 f8aa04-f8aa09 183->185 185->184
                                                                  APIs
                                                                  • WriteFile.KERNELBASE(?,00000E24,03547959,00000000,00000000,00000000,00000000), ref: 00F8A9C1
                                                                  Memory Dump Source
                                                                  • Source File: 0000000E.00000002.2528725948.0000000000F8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F8A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_14_2_f8a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: FileWrite
                                                                  • String ID:
                                                                  • API String ID: 3934441357-0
                                                                  APIs
                                                                  • SetFilePointer.KERNELBASE(?,00000E24,03547959,00000000,00000000,00000000,00000000), ref: 00F8A8DE
                                                                  Memory Dump Source
                                                                  • Source File: 0000000E.00000002.2528725948.0000000000F8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F8A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_14_2_f8a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: FilePointer
                                                                  • String ID:
                                                                  • API String ID: 973152223-0
                                                                  APIs
                                                                  • SetErrorMode.KERNELBASE(?), ref: 00F8A30C
                                                                  Memory Dump Source
                                                                  • Source File: 0000000E.00000002.2528725948.0000000000F8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F8A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_14_2_f8a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: ErrorMode
                                                                  • String ID:
                                                                  • API String ID: 2340568224-0
                                                                  APIs
                                                                  • GetFileType.KERNELBASE(?,00000E24,03547959,00000000,00000000,00000000,00000000), ref: 00F8A815
                                                                  Memory Dump Source
                                                                  • Source File: 0000000E.00000002.2528725948.0000000000F8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F8A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_14_2_f8a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: FileType
                                                                  • String ID:
                                                                  • API String ID: 3081899298-0
                                                                  APIs
                                                                  • CreateDirectoryW.KERNELBASE(?,?), ref: 00F8AA8B
                                                                  Memory Dump Source
                                                                  • Source File: 0000000E.00000002.2528725948.0000000000F8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F8A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_14_2_f8a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: CreateDirectory
                                                                  • String ID:
                                                                  • API String ID: 4241100979-0
                                                                  APIs
                                                                  • GetSystemInfo.KERNELBASE(?), ref: 00F8B208
                                                                  Memory Dump Source
                                                                  • Source File: 0000000E.00000002.2528725948.0000000000F8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F8A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_14_2_f8a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: InfoSystem
                                                                  • String ID:
                                                                  • API String ID: 31276548-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000000E.00000002.2528725948.0000000000F8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F8A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_14_2_f8a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: CloseFind
                                                                  • String ID:
                                                                  • API String ID: 1863332320-0
                                                                  APIs
                                                                  • FindNextFileW.KERNELBASE(?,00000E24,?,?), ref: 00F8A1C2
                                                                  Memory Dump Source
                                                                  • Source File: 0000000E.00000002.2528725948.0000000000F8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F8A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_14_2_f8a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: FileFindNext
                                                                  • String ID:
                                                                  • API String ID: 2029273394-0
                                                                  APIs
                                                                  • CreatePipe.KERNELBASE(?,00000E24,?,?), ref: 00F8AC36
                                                                  Memory Dump Source
                                                                  • Source File: 0000000E.00000002.2528725948.0000000000F8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F8A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_14_2_f8a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: CreatePipe
                                                                  • String ID:
                                                                  • API String ID: 2719314638-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000000E.00000002.2528725948.0000000000F8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F8A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_14_2_f8a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: CloseFind
                                                                  • String ID:
                                                                  • API String ID: 1863332320-0
                                                                  APIs
                                                                  • SetErrorMode.KERNELBASE(?), ref: 00F8A30C
                                                                  Memory Dump Source
                                                                  • Source File: 0000000E.00000002.2528725948.0000000000F8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F8A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_14_2_f8a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: ErrorMode
                                                                  • String ID:
                                                                  • API String ID: 2340568224-0
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000E.00000002.2529861374.0000000004E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E50000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_14_2_4e50000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: \Oj
                                                                  • API String ID: 0-2889815623
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000E.00000002.2529861374.0000000004E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E50000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_14_2_4e50000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: e]oj^
                                                                  • API String ID: 0-2000980935
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000000E.00000002.2529861374.0000000004E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E50000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_14_2_4e50000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: e]oj^
                                                                  • API String ID: 0-2000980935
                                                                  APIs
                                                                  • CloseHandle.KERNELBASE(?), ref: 00F8A748
                                                                  Memory Dump Source
                                                                  • Source File: 0000000E.00000002.2528725948.0000000000F8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F8A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_14_2_f8a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: CloseHandle
                                                                  • String ID:
                                                                  • API String ID: 2962429428-0
                                                                  APIs
                                                                  • CloseHandle.KERNELBASE(?), ref: 00F8A748
                                                                  Memory Dump Source
                                                                  • Source File: 0000000E.00000002.2528725948.0000000000F8A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F8A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_14_2_f8a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: CloseHandle
                                                                  • String ID:
                                                                  • API String ID: 2962429428-0
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5bba8f08debe48e8ade19c0dd512498c68087b570e596a688276acd486d08c70
                                                                  • Instruction ID: 6ee5502cd8b4b16c6404a4fb8e525a28a1ef5e962f996c54c79bb38fb370776d
                                                                  • Opcode Fuzzy Hash: 5bba8f08debe48e8ade19c0dd512498c68087b570e596a688276acd486d08c70
                                                                  • Instruction Fuzzy Hash: 8EC012302003048BD704A768D45CA2573969BC470CF46C06499084B275DE70FC40C680

                                                                  Execution Graph

                                                                  Execution Coverage:21.1%
                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                  Signature Coverage:0%
                                                                  Total number of Nodes:76
                                                                  Total number of Limit Nodes:4

                                                                  Callgraph


                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 0 d6b246-d6b2eb 5 d6b343-d6b348 0->5 6 d6b2ed-d6b2f5 DuplicateHandle 0->6 5->6 7 d6b2fb-d6b30d 6->7 9 d6b30f-d6b340 7->9 10 d6b34a-d6b34f 7->10 10->9
                                                                  APIs
                                                                  • DuplicateHandle.KERNELBASE(?,00000E24), ref: 00D6B2F3
                                                                  Memory Dump Source
                                                                  • Source File: 00000016.00000002.4149531866.0000000000D6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D6A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_22_2_d6a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: DuplicateHandle
                                                                  • String ID:
                                                                  • API String ID: 3793708945-0
                                                                  • Opcode ID: 5d30d3b8025bc4d301f39a4481f2c988d1ae331ffe362abe044243a942f67d0e
                                                                  • Instruction ID: 06590bbd4fccae52c7b24564e59fb00c10a284c30cb4faab5eb923f36b89ebba
                                                                  • Opcode Fuzzy Hash: 5d30d3b8025bc4d301f39a4481f2c988d1ae331ffe362abe044243a942f67d0e
                                                                  • Instruction Fuzzy Hash: 1B31B4B1404344AFEB228B21DC45FA6BFFCEF05320F08449AF985CB162D324A919CB71

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 14 d6ad04-d6ad9f 19 d6adf7-d6adfc 14->19 20 d6ada1-d6ada9 DuplicateHandle 14->20 19->20 22 d6adaf-d6adc1 20->22 23 d6adc3-d6adf4 22->23 24 d6adfe-d6ae03 22->24 24->23
                                                                  APIs
                                                                  • DuplicateHandle.KERNELBASE(?,00000E24), ref: 00D6ADA7
                                                                  Memory Dump Source
                                                                  • Source File: 00000016.00000002.4149531866.0000000000D6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D6A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_22_2_d6a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: DuplicateHandle
                                                                  • String ID:
                                                                  • API String ID: 3793708945-0
                                                                  • Opcode ID: bde8e0d5ec061f3ce2a29a6dac3e972dcf21d2c49dc8afb362a0f53eb91522ec
                                                                  • Instruction ID: e2e07780e1f029645ad8314465d4afc8b2309596c341b96eb08b2b677507d0a4
                                                                  • Opcode Fuzzy Hash: bde8e0d5ec061f3ce2a29a6dac3e972dcf21d2c49dc8afb362a0f53eb91522ec
                                                                  • Instruction Fuzzy Hash: 1931B3B2404344AFEB228F65DC45FA7BFECEF05214F08489AF985DB152D624A919CB71

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 28 d6ab76-d6ac67 CreatePipe
                                                                  APIs
                                                                  • CreatePipe.KERNELBASE(?,00000E24,?,?), ref: 00D6AC36
                                                                  Memory Dump Source
                                                                  • Source File: 00000016.00000002.4149531866.0000000000D6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D6A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_22_2_d6a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: CreatePipe
                                                                  • String ID:
                                                                  • API String ID: 2719314638-0
                                                                  • Opcode ID: 54897b9d043e75f6cfd74f49912983383fc973849919326e1b4f7c32579956a4
                                                                  • Instruction ID: f73b87df57f641b28a3e19836838ddf59f0474ef4f43c016a9ecaa7c385f6d45
                                                                  • Opcode Fuzzy Hash: 54897b9d043e75f6cfd74f49912983383fc973849919326e1b4f7c32579956a4
                                                                  • Instruction Fuzzy Hash: 36315A7240E3C06FD3038B718C65A66BFB4AF47610F1A84CBD8C4DF1A3D6696919CB62

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 33 d6a5dc-d6a656 37 d6a65b-d6a667 33->37 38 d6a658 33->38 39 d6a66c-d6a675 37->39 40 d6a669 37->40 38->37 41 d6a6c6-d6a6cb 39->41 42 d6a677-d6a69b CreateFileW 39->42 40->39 41->42 45 d6a6cd-d6a6d2 42->45 46 d6a69d-d6a6c3 42->46 45->46
                                                                  APIs
                                                                  • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 00D6A67D
                                                                  Memory Dump Source
                                                                  • Source File: 00000016.00000002.4149531866.0000000000D6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D6A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_22_2_d6a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: CreateFile
                                                                  • String ID:
                                                                  • API String ID: 823142352-0
                                                                  • Opcode ID: c034d68487fca89e28d0b460d7dc3d0b963260da6a1616eea8024d02e34761f9
                                                                  • Instruction ID: 9f6bba2c0f1f0d26535974fd1f5f6833fa3b5be3c2b4a4bf0026087bab399407
                                                                  • Opcode Fuzzy Hash: c034d68487fca89e28d0b460d7dc3d0b963260da6a1616eea8024d02e34761f9
                                                                  • Instruction Fuzzy Hash: 7331BFB1504340AFE722CF65DD85F62BBE8EF09220F08849EF9859B252D375E809CB71

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 49 d6a120-d6a1f3 FindNextFileW
                                                                  APIs
                                                                  • FindNextFileW.KERNELBASE(?,00000E24,?,?), ref: 00D6A1C2
                                                                  Memory Dump Source
                                                                  • Source File: 00000016.00000002.4149531866.0000000000D6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D6A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_22_2_d6a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: FileFindNext
                                                                  • String ID:
                                                                  • API String ID: 2029273394-0
                                                                  • Opcode ID: 67e847f7e45daeccd89cba2dbdcd0d44685648ea8cfdde1bbfd7e9f1cdfc56ce
                                                                  • Instruction ID: ae5b6195a3be65cab5d3f9f2630201338bdb534f9bf53e5534d4530d0e403246
                                                                  • Opcode Fuzzy Hash: 67e847f7e45daeccd89cba2dbdcd0d44685648ea8cfdde1bbfd7e9f1cdfc56ce
                                                                  • Instruction Fuzzy Hash: 2931947140D3C06FD3128B258C55BA6BFB4EF47610F1945CBE8849F193D629A91AC7B2

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 90 d6b276-d6b2eb 94 d6b343-d6b348 90->94 95 d6b2ed-d6b2f5 DuplicateHandle 90->95 94->95 96 d6b2fb-d6b30d 95->96 98 d6b30f-d6b340 96->98 99 d6b34a-d6b34f 96->99 99->98
                                                                  APIs
                                                                  • DuplicateHandle.KERNELBASE(?,00000E24), ref: 00D6B2F3
                                                                  Memory Dump Source
                                                                  • Source File: 00000016.00000002.4149531866.0000000000D6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D6A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_22_2_d6a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: DuplicateHandle
                                                                  • String ID:
                                                                  • API String ID: 3793708945-0
                                                                  • Opcode ID: b82190f64677cc04a0e9b2e4989b545b4593725e04c2604a85ff044de2ad8e0a
                                                                  • Instruction ID: 6f134074ca9cef2ba76b84520400ad4df647cfd646979ccc84dfae0e00a526da
                                                                  • Opcode Fuzzy Hash: b82190f64677cc04a0e9b2e4989b545b4593725e04c2604a85ff044de2ad8e0a
                                                                  • Instruction Fuzzy Hash: 6E21B0B2500204AFEB219F61DC45F6ABBECEF04324F04886AFA85DA251D734E5488BB5

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 55 d6a370-d6a3cf 58 d6a3d4-d6a3dd 55->58 59 d6a3d1 55->59 60 d6a3e2-d6a3e8 58->60 61 d6a3df 58->61 59->58 62 d6a3ed-d6a404 60->62 63 d6a3ea 60->63 61->60 65 d6a406-d6a419 RegQueryValueExW 62->65 66 d6a43b-d6a440 62->66 63->62 67 d6a442-d6a447 65->67 68 d6a41b-d6a438 65->68 66->65 67->68
                                                                  APIs
                                                                  • RegQueryValueExW.KERNELBASE(?,00000E24,6402859A,00000000,00000000,00000000,00000000), ref: 00D6A40C
                                                                  Memory Dump Source
                                                                  • Source File: 00000016.00000002.4149531866.0000000000D6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D6A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_22_2_d6a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: QueryValue
                                                                  • String ID:
                                                                  • API String ID: 3660427363-0
                                                                  • Opcode ID: bb5434015f457cdb5777d9f7a3ab1cc6004cbb26e8caeea96f1c3d970553fbc7
                                                                  • Instruction ID: 45f03377b4c8a19ccfcfa17f5d98cd802ca9a7c9b446d009e960ae490867efe0
                                                                  • Opcode Fuzzy Hash: bb5434015f457cdb5777d9f7a3ab1cc6004cbb26e8caeea96f1c3d970553fbc7
                                                                  • Instruction Fuzzy Hash: F5218BB6504744AFD721CF15DC84FA2BBF8EF05710F08849AE989DB292D764E908CB72

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 72 d6a50f-d6a563 74 d6a566-d6a5be GetTempPathW 72->74 76 d6a5c4-d6a5da 74->76
                                                                  APIs
                                                                  • GetTempPathW.KERNELBASE(?,00000E24,?,?), ref: 00D6A5B6
                                                                  Memory Dump Source
                                                                  • Source File: 00000016.00000002.4149531866.0000000000D6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D6A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_22_2_d6a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: PathTemp
                                                                  • String ID:
                                                                  • API String ID: 2920410445-0
                                                                  • Opcode ID: fdfcfe347b4cfc5d2d2e72bfc3b0db2124098e9d12c8f55b3e2290bd2ec1bff6
                                                                  • Instruction ID: 73d39a7010328c63ec49e37731e114d2f82a50e7e7f3264457b8ac2f11e890af
                                                                  • Opcode Fuzzy Hash: fdfcfe347b4cfc5d2d2e72bfc3b0db2124098e9d12c8f55b3e2290bd2ec1bff6
                                                                  • Instruction Fuzzy Hash: 5421B5B140D3C06FD3138B25CC51B62BFB8EF87614F0A81DBE8848B593D624A919C7B2

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 77 d6ad2a-d6ad9f 81 d6adf7-d6adfc 77->81 82 d6ada1-d6ada9 DuplicateHandle 77->82 81->82 84 d6adaf-d6adc1 82->84 85 d6adc3-d6adf4 84->85 86 d6adfe-d6ae03 84->86 86->85
                                                                  APIs
                                                                  • DuplicateHandle.KERNELBASE(?,00000E24), ref: 00D6ADA7
                                                                  Memory Dump Source
                                                                  • Source File: 00000016.00000002.4149531866.0000000000D6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D6A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_22_2_d6a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: DuplicateHandle
                                                                  • String ID:
                                                                  • API String ID: 3793708945-0
                                                                  • Opcode ID: ac84b5f7f689587b0443fb7b0b8e7f8444ecf380d96008af2b7e41268eb48e89
                                                                  • Instruction ID: c6c83f6b4f922eae3c04444358659390775c6058e39eb4ca68c2cc25d09cd697
                                                                  • Opcode Fuzzy Hash: ac84b5f7f689587b0443fb7b0b8e7f8444ecf380d96008af2b7e41268eb48e89
                                                                  • Instruction Fuzzy Hash: CA21DEB2000204AFEB219F24DC85F6BBBECEF04324F04886AFA859A551E734A5048FB1

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 103 d6a850-d6a8d6 107 d6a91a-d6a91f 103->107 108 d6a8d8-d6a8f8 SetFilePointer 103->108 107->108 111 d6a921-d6a926 108->111 112 d6a8fa-d6a917 108->112 111->112
                                                                  APIs
                                                                  • SetFilePointer.KERNELBASE(?,00000E24,6402859A,00000000,00000000,00000000,00000000), ref: 00D6A8DE
                                                                  Memory Dump Source
                                                                  • Source File: 00000016.00000002.4149531866.0000000000D6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D6A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_22_2_d6a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: FilePointer
                                                                  • String ID:
                                                                  • API String ID: 973152223-0
                                                                  • Opcode ID: c347ada208fb1372596d608b9cc2cb6f94e15c2453ef1a86d1a0f2f1ddda0ee7
                                                                  • Instruction ID: 50fa41722bf63b28dccee1101c320f37866b53d60339e496fced848de964476d
                                                                  • Opcode Fuzzy Hash: c347ada208fb1372596d608b9cc2cb6f94e15c2453ef1a86d1a0f2f1ddda0ee7
                                                                  • Instruction Fuzzy Hash: A121B6B1408380AFE7228F24DC45F66BFB8EF46714F0984DBF9859F152C265A919CB71

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 115 d6a933-d6a9b9 119 d6a9fd-d6aa02 115->119 120 d6a9bb-d6a9db ReadFile 115->120 119->120 123 d6aa04-d6aa09 120->123 124 d6a9dd-d6a9fa 120->124 123->124
                                                                  APIs
                                                                  • ReadFile.KERNELBASE(?,00000E24,6402859A,00000000,00000000,00000000,00000000), ref: 00D6A9C1
                                                                  Memory Dump Source
                                                                  • Source File: 00000016.00000002.4149531866.0000000000D6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D6A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_22_2_d6a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: FileRead
                                                                  • String ID:
                                                                  • API String ID: 2738559852-0
                                                                  • Opcode ID: f86a90842bfd7293ed5e4164ff74a0b4076ec22fd33bbd0fabad708b1026d722
                                                                  • Instruction ID: 385dfc5a2d558f00ac01e78f86b038a81bd46e625ee3cae53baa916f0c9ffc56
                                                                  • Opcode Fuzzy Hash: f86a90842bfd7293ed5e4164ff74a0b4076ec22fd33bbd0fabad708b1026d722
                                                                  • Instruction Fuzzy Hash: A421A171409380AFDB228F65DC45F96BFB8EF06314F08849BE9859F152C265A508CBB2

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 127 d6a5fe-d6a656 130 d6a65b-d6a667 127->130 131 d6a658 127->131 132 d6a66c-d6a675 130->132 133 d6a669 130->133 131->130 134 d6a6c6-d6a6cb 132->134 135 d6a677-d6a67f CreateFileW 132->135 133->132 134->135 137 d6a685-d6a69b 135->137 138 d6a6cd-d6a6d2 137->138 139 d6a69d-d6a6c3 137->139 138->139
                                                                  APIs
                                                                  • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 00D6A67D
                                                                  Memory Dump Source
                                                                  • Source File: 00000016.00000002.4149531866.0000000000D6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D6A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_22_2_d6a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: CreateFile
                                                                  • String ID:
                                                                  • API String ID: 823142352-0

                                                                  APIs
                                                                  • GetFileType.KERNELBASE(?,00000E24,6402859A,00000000,00000000,00000000,00000000), ref: 00D6A815
                                                                  Memory Dump Source
                                                                  • Source File: 00000016.00000002.4149531866.0000000000D6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D6A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_22_2_d6a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: FileType
                                                                  • String ID:
                                                                  • API String ID: 3081899298-0

                                                                  APIs
                                                                  • CreateDirectoryW.KERNELBASE(?,?), ref: 00D6AA8B
                                                                  Memory Dump Source
                                                                  • Source File: 00000016.00000002.4149531866.0000000000D6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D6A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_22_2_d6a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: CreateDirectory
                                                                  • String ID:
                                                                  • API String ID: 4241100979-0

                                                                  APIs
                                                                  • RegQueryValueExW.KERNELBASE(?,00000E24,6402859A,00000000,00000000,00000000,00000000), ref: 00D6A40C
                                                                  Memory Dump Source
                                                                  • Source File: 00000016.00000002.4149531866.0000000000D6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D6A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_22_2_d6a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: QueryValue
                                                                  • String ID:
                                                                  • API String ID: 3660427363-0
                                                                  APIs
                                                                  • ReadFile.KERNELBASE(?,00000E24,6402859A,00000000,00000000,00000000,00000000), ref: 00D6A9C1
                                                                  Memory Dump Source
                                                                  • Source File: 00000016.00000002.4149531866.0000000000D6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D6A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_22_2_d6a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: FileRead
                                                                  • String ID:
                                                                  • API String ID: 2738559852-0
                                                                  APIs
                                                                  • SetFilePointer.KERNELBASE(?,00000E24,6402859A,00000000,00000000,00000000,00000000), ref: 00D6A8DE
                                                                  Memory Dump Source
                                                                  • Source File: 00000016.00000002.4149531866.0000000000D6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D6A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_22_2_d6a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: FilePointer
                                                                  • String ID:
                                                                  • API String ID: 973152223-0
                                                                  APIs
                                                                  • SetErrorMode.KERNELBASE(?), ref: 00D6A30C
                                                                  Memory Dump Source
                                                                  • Source File: 00000016.00000002.4149531866.0000000000D6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D6A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_22_2_d6a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: ErrorMode
                                                                  • String ID:
                                                                  • API String ID: 2340568224-0
                                                                  APIs
                                                                  • CreateDirectoryW.KERNELBASE(?,?), ref: 00D6AA8B
                                                                  Memory Dump Source
                                                                  • Source File: 00000016.00000002.4149531866.0000000000D6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D6A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_22_2_d6a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: CreateDirectory
                                                                  • String ID:
                                                                  • API String ID: 4241100979-0
                                                                  APIs
                                                                  • GetFileType.KERNELBASE(?,00000E24,6402859A,00000000,00000000,00000000,00000000), ref: 00D6A815
                                                                  Memory Dump Source
                                                                  • Source File: 00000016.00000002.4149531866.0000000000D6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D6A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_22_2_d6a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: FileType
                                                                  • String ID:
                                                                  • API String ID: 3081899298-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000016.00000002.4149531866.0000000000D6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D6A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_22_2_d6a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: CloseFind
                                                                  • String ID:
                                                                  • API String ID: 1863332320-0
                                                                  APIs
                                                                  • GetSystemInfo.KERNELBASE(?), ref: 00D6B208
                                                                  Memory Dump Source
                                                                  • Source File: 00000016.00000002.4149531866.0000000000D6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D6A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_22_2_d6a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: InfoSystem
                                                                  • String ID:
                                                                  • API String ID: 31276548-0
                                                                  APIs
                                                                  • FindNextFileW.KERNELBASE(?,00000E24,?,?), ref: 00D6A1C2
                                                                  Memory Dump Source
                                                                  • Source File: 00000016.00000002.4149531866.0000000000D6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D6A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_22_2_d6a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: FileFindNext
                                                                  • String ID:
                                                                  • API String ID: 2029273394-0
                                                                  APIs
                                                                  • CreatePipe.KERNELBASE(?,00000E24,?,?), ref: 00D6AC36
                                                                  Memory Dump Source
                                                                  • Source File: 00000016.00000002.4149531866.0000000000D6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D6A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_22_2_d6a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: CreatePipe
                                                                  • String ID:
                                                                  • API String ID: 2719314638-0
                                                                  APIs
                                                                  • GetTempPathW.KERNELBASE(?,00000E24,?,?), ref: 00D6A5B6
                                                                  Memory Dump Source
                                                                  • Source File: 00000016.00000002.4149531866.0000000000D6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D6A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_22_2_d6a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: PathTemp
                                                                  • String ID:
                                                                  • API String ID: 2920410445-0
                                                                  APIs
                                                                  • GetSystemInfo.KERNELBASE(?), ref: 00D6B208
                                                                  Memory Dump Source
                                                                  • Source File: 00000016.00000002.4149531866.0000000000D6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D6A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_22_2_d6a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: InfoSystem
                                                                  • String ID:
                                                                  • API String ID: 31276548-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000016.00000002.4149531866.0000000000D6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D6A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_22_2_d6a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: CloseFind
                                                                  • String ID:
                                                                  • API String ID: 1863332320-0
                                                                  APIs
                                                                  • SetErrorMode.KERNELBASE(?), ref: 00D6A30C
                                                                  Memory Dump Source
                                                                  • Source File: 00000016.00000002.4149531866.0000000000D6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D6A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_22_2_d6a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: ErrorMode
                                                                  • String ID:
                                                                  • API String ID: 2340568224-0
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000016.00000002.4150557470.0000000001360000.00000040.00000800.00020000.00000000.sdmp, Offset: 01360000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_22_2_1360000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: \Oj
                                                                  • API String ID: 0-2889815623
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000016.00000002.4150557470.0000000001360000.00000040.00000800.00020000.00000000.sdmp, Offset: 01360000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_22_2_1360000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: [M]
                                                                  • API String ID: 0-465296422
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000016.00000002.4150557470.0000000001360000.00000040.00000800.00020000.00000000.sdmp, Offset: 01360000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_22_2_1360000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: [M]
                                                                  • API String ID: 0-465296422
                                                                  APIs
                                                                  • CloseHandle.KERNELBASE(?), ref: 00D6A748
                                                                  Memory Dump Source
                                                                  • Source File: 00000016.00000002.4149531866.0000000000D6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D6A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_22_2_d6a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: CloseHandle
                                                                  • String ID:
                                                                  • API String ID: 2962429428-0
                                                                  APIs
                                                                  • CloseHandle.KERNELBASE(?), ref: 00D6A748
                                                                  Memory Dump Source
                                                                  • Source File: 00000016.00000002.4149531866.0000000000D6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D6A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_22_2_d6a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: CloseHandle
                                                                  • String ID:
                                                                  • API String ID: 2962429428-0

                                                                  Execution Graph

                                                                  Execution Coverage:20.9%
                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                  Signature Coverage:0%
                                                                  Total number of Nodes:73
                                                                  Total number of Limit Nodes:4
                                                                  execution_graph 1159 126abe6 1160 126ac36 CreatePipe 1159->1160 1161 126ac3e 1160->1161 1170 126a962 1171 126a997 WriteFile 1170->1171 1173 126a9c9 1171->1173 1214 126a120 1215 126a148 FindNextFileW 1214->1215 1217 126a1ca 1215->1217 1218 126a2ae 1219 126a2b2 SetErrorMode 1218->1219 1221 126a31b 1219->1221 1246 126ab76 1247 126abe6 CreatePipe 1246->1247 1249 126ac3e 1247->1249 1222 126b1b4 1224 126b1d6 GetSystemInfo 1222->1224 1225 126b210 1224->1225 1194 126afb2 1195 126b010 1194->1195 1196 126afde FindClose 1194->1196 1195->1196 1197 126aff3 1196->1197 1202 126a172 1203 126a1b2 FindNextFileW 1202->1203 1205 126a1ca 1203->1205 1226 126a933 1227 126a962 WriteFile 1226->1227 1229 126a9c9 1227->1229 1250 126a370 1252 126a392 RegQueryValueExW 1250->1252 1253 126a41b 1252->1253 1206 126a5fe 1207 126a636 CreateFileW 1206->1207 1209 126a685 1207->1209 1162 126aa46 1164 126aa6c CreateDirectoryW 1162->1164 1165 126aa93 1164->1165 1230 126ad04 1231 126ad2a DuplicateHandle 1230->1231 1233 126adaf 1231->1233 1166 126a882 1168 126a8b7 SetFilePointer 1166->1168 1169 126a8e6 1168->1169 1234 126a78f 1235 126a7c2 GetFileType 1234->1235 1237 126a824 1235->1237 1238 126aa0b 1239 126aa46 CreateDirectoryW 1238->1239 1241 126aa93 1239->1241 1242 126af8b 1243 126afb2 FindClose 1242->1243 1245 126aff3 1243->1245 1182 126a716 1183 126a742 CloseHandle 1182->1183 1184 126a781 1182->1184 1185 126a750 1183->1185 1184->1183 1190 126b1d6 1191 126b202 GetSystemInfo 1190->1191 1192 126b238 1190->1192 1193 126b210 1191->1193 1192->1191 1258 126a6d4 1259 126a716 CloseHandle 1258->1259 1261 126a750 1259->1261 1262 126a850 1263 126a882 SetFilePointer 1262->1263 1265 126a8e6 1263->1265 1266 126a5dc 1268 126a5fe CreateFileW 1266->1268 1269 126a685 1268->1269 1210 126a2da 1211 126a306 SetErrorMode 1210->1211 1212 126a32f 1210->1212 1213 126a31b 1211->1213 1212->1211

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 0 126b246-126b2eb 5 126b343-126b348 0->5 6 126b2ed-126b2f5 DuplicateHandle 0->6 5->6 7 126b2fb-126b30d 6->7 9 126b30f-126b340 7->9 10 126b34a-126b34f 7->10 10->9
                                                                  APIs
                                                                  • DuplicateHandle.KERNELBASE(?,00000E24), ref: 0126B2F3
                                                                  Memory Dump Source
                                                                  • Source File: 0000001C.00000002.4150029974.000000000126A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0126A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_28_2_126a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: DuplicateHandle
                                                                  • String ID:
                                                                  • API String ID: 3793708945-0
                                                                  • Opcode ID: 0337e005071550f8c4ffcd3e076a5575ae87fb7875119869613bb0b5cc7fdde0
                                                                  • Instruction ID: 210a478aada1f2727bdaa5cee60b406c884406883fc047c8612c6a6cb7777403
                                                                  • Opcode Fuzzy Hash: 0337e005071550f8c4ffcd3e076a5575ae87fb7875119869613bb0b5cc7fdde0
                                                                  • Instruction Fuzzy Hash: 3E31B2B1504344AFEB228B21DC45FA6BFFCEF05714F0484AAFA85CB162D264A919CB71

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 14 126ad04-126ad9f 19 126adf7-126adfc 14->19 20 126ada1-126ada9 DuplicateHandle 14->20 19->20 22 126adaf-126adc1 20->22 23 126adc3-126adf4 22->23 24 126adfe-126ae03 22->24 24->23
                                                                  APIs
                                                                  • DuplicateHandle.KERNELBASE(?,00000E24), ref: 0126ADA7
                                                                  Memory Dump Source
                                                                  • Source File: 0000001C.00000002.4150029974.000000000126A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0126A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_28_2_126a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: DuplicateHandle
                                                                  • String ID:
                                                                  • API String ID: 3793708945-0
                                                                  • Opcode ID: a00f023d020d5062a561536a61ea2a346bc2e5332ce2722e960491440ea4d619
                                                                  • Instruction ID: a0c81defc2b08bec9b9675be218bcc9d077e703b215f7534a55d5b934abbb067
                                                                  • Opcode Fuzzy Hash: a00f023d020d5062a561536a61ea2a346bc2e5332ce2722e960491440ea4d619
                                                                  • Instruction Fuzzy Hash: 2731D3B1004344AFEB228F24DC45FA7BFECEF05614F04889AF985DB152D224A519CB71

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 28 126ab76-126ac67 CreatePipe
                                                                  APIs
                                                                  • CreatePipe.KERNELBASE(?,00000E24,?,?), ref: 0126AC36
                                                                  Memory Dump Source
                                                                  • Source File: 0000001C.00000002.4150029974.000000000126A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0126A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_28_2_126a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: CreatePipe
                                                                  • String ID:
                                                                  • API String ID: 2719314638-0
                                                                  • Opcode ID: d8c4f12beba51812533e3ac26a5f5540770001eee0f46ea2962b73bfe06a0017
                                                                  • Instruction ID: 19f9eb2db42db0dd08ed8789bff42670d8bdac6c60041af1e968af1d945d50a1
                                                                  • Opcode Fuzzy Hash: d8c4f12beba51812533e3ac26a5f5540770001eee0f46ea2962b73bfe06a0017
                                                                  • Instruction Fuzzy Hash: DC318D7240E3C06FD3038B318C65A66BFB4AF47610F1A84CBD8C4DF1A3D2696919C762

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 33 126a5dc-126a656 37 126a65b-126a667 33->37 38 126a658 33->38 39 126a66c-126a675 37->39 40 126a669 37->40 38->37 41 126a6c6-126a6cb 39->41 42 126a677-126a69b CreateFileW 39->42 40->39 41->42 45 126a6cd-126a6d2 42->45 46 126a69d-126a6c3 42->46 45->46
                                                                  APIs
                                                                  • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0126A67D
                                                                  Memory Dump Source
                                                                  • Source File: 0000001C.00000002.4150029974.000000000126A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0126A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_28_2_126a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: CreateFile
                                                                  • String ID:
                                                                  • API String ID: 823142352-0
                                                                  • Opcode ID: dd09c9812d2efb051ac8258b64dfde8aa94afa8eaabb80e7c8aff390394decb3
                                                                  • Instruction ID: 5ad06f022f48357541215c5a920a4346af0f0cad0bcd5b2030f9bd1490367434
                                                                  • Opcode Fuzzy Hash: dd09c9812d2efb051ac8258b64dfde8aa94afa8eaabb80e7c8aff390394decb3
                                                                  • Instruction Fuzzy Hash: F531B3B1504340AFE721CF25DD85F62BFE8EF45210F08849EEA859B292D375E819CB71

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 49 126a120-126a146 50 126a1b2-126a1f3 FindNextFileW 49->50 51 126a148-126a1b1 49->51 51->50
                                                                  APIs
                                                                  • FindNextFileW.KERNELBASE(?,00000E24,?,?), ref: 0126A1C2
                                                                  Memory Dump Source
                                                                  • Source File: 0000001C.00000002.4150029974.000000000126A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0126A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_28_2_126a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: FileFindNext
                                                                  • String ID:
                                                                  • API String ID: 2029273394-0
                                                                  • Opcode ID: 6153f498d58101ca3b2e94c11f9ab2bc0648e6245abd6f2af043cabd1d97ddb7
                                                                  • Instruction ID: 2ec48c3d6103a318a3272e078dfb0f3fefd61ed44a6fb2a6cc0c8efb27ee911f
                                                                  • Opcode Fuzzy Hash: 6153f498d58101ca3b2e94c11f9ab2bc0648e6245abd6f2af043cabd1d97ddb7
                                                                  • Instruction Fuzzy Hash: 8531D67140D3C06FD3128B258C65BA2BFB4EF47610F0985CBDC849F293D229A91AC7A2

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 73 126ad2a-126ad9f 77 126adf7-126adfc 73->77 78 126ada1-126ada9 DuplicateHandle 73->78 77->78 80 126adaf-126adc1 78->80 81 126adc3-126adf4 80->81 82 126adfe-126ae03 80->82 82->81
                                                                  APIs
                                                                  • DuplicateHandle.KERNELBASE(?,00000E24), ref: 0126ADA7
                                                                  Memory Dump Source
                                                                  • Source File: 0000001C.00000002.4150029974.000000000126A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0126A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_28_2_126a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: DuplicateHandle
                                                                  • String ID:
                                                                  • API String ID: 3793708945-0
                                                                  • Opcode ID: 47a381a967228facb0855da2f83d5410c666063f4e265be54c9fd9a70fb65858
                                                                  • Instruction ID: b84671d1263dca3f3a52af21768ba8badafb7a8f3e97e1e18979066317fa39ef
                                                                  • Opcode Fuzzy Hash: 47a381a967228facb0855da2f83d5410c666063f4e265be54c9fd9a70fb65858
                                                                  • Instruction Fuzzy Hash: 5021F471100204AFEB219F24DC85F6BFBECEF04324F04886AFA459B151D774A558CBA1

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 86 126b276-126b2eb 90 126b343-126b348 86->90 91 126b2ed-126b2f5 DuplicateHandle 86->91 90->91 92 126b2fb-126b30d 91->92 94 126b30f-126b340 92->94 95 126b34a-126b34f 92->95 95->94
                                                                  APIs
                                                                  • DuplicateHandle.KERNELBASE(?,00000E24), ref: 0126B2F3
                                                                  Memory Dump Source
                                                                  • Source File: 0000001C.00000002.4150029974.000000000126A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0126A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_28_2_126a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: DuplicateHandle
                                                                  • String ID:
                                                                  • API String ID: 3793708945-0
                                                                  • Opcode ID: 274b114ab98a050d2c19277fd6d29067b110d037aa9155b27bd40ef7d55dcd06
                                                                  • Instruction ID: 59c17db26da26713664339b450b5bca85ea76f6944dac1300a686093110e8cb6
                                                                  • Opcode Fuzzy Hash: 274b114ab98a050d2c19277fd6d29067b110d037aa9155b27bd40ef7d55dcd06
                                                                  • Instruction Fuzzy Hash: EB21F471500204AFEB219F21DC45F6BFBECEF04714F04886AFE45CB151D774A5588BA1

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 56 126a370-126a3cf 59 126a3d4-126a3dd 56->59 60 126a3d1 56->60 61 126a3e2-126a3e8 59->61 62 126a3df 59->62 60->59 63 126a3ed-126a404 61->63 64 126a3ea 61->64 62->61 66 126a406-126a419 RegQueryValueExW 63->66 67 126a43b-126a440 63->67 64->63 68 126a442-126a447 66->68 69 126a41b-126a438 66->69 67->66 68->69
                                                                  APIs
                                                                  • RegQueryValueExW.KERNELBASE(?,00000E24,09E0F058,00000000,00000000,00000000,00000000), ref: 0126A40C
                                                                  Memory Dump Source
                                                                  • Source File: 0000001C.00000002.4150029974.000000000126A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0126A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_28_2_126a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: QueryValue
                                                                  • String ID:
                                                                  • API String ID: 3660427363-0
                                                                  • Opcode ID: 220a8321852c2aa1509c2f113f565cafa977ace820d5c9b2ae007ef12b32e9f9
                                                                  • Instruction ID: a772fb66cdc78a73c83b348cb5efcf9816f932446a817acdde012fa6f2c1bfa7
                                                                  • Opcode Fuzzy Hash: 220a8321852c2aa1509c2f113f565cafa977ace820d5c9b2ae007ef12b32e9f9
                                                                  • Instruction Fuzzy Hash: 5F218DB1504740AFE721CF15DC84FA2BBFCEF45610F08849AEA85DB292D364E948CB61

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 99 126a850-126a8d6 103 126a91a-126a91f 99->103 104 126a8d8-126a8f8 SetFilePointer 99->104 103->104 107 126a921-126a926 104->107 108 126a8fa-126a917 104->108 107->108
                                                                  APIs
                                                                  • SetFilePointer.KERNELBASE(?,00000E24,09E0F058,00000000,00000000,00000000,00000000), ref: 0126A8DE
                                                                  Memory Dump Source
                                                                  • Source File: 0000001C.00000002.4150029974.000000000126A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0126A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_28_2_126a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: FilePointer
                                                                  • String ID:
                                                                  • API String ID: 973152223-0
                                                                  • Opcode ID: b48f9cca908c83413913f9e860999452daf80b5b8c27c71b064774ae90b226b9
                                                                  • Instruction ID: 672ed4e7e8fb3d4573b29dbde7d0d0cb006da73fde021c503f39629b3e726caf
                                                                  • Opcode Fuzzy Hash: b48f9cca908c83413913f9e860999452daf80b5b8c27c71b064774ae90b226b9
                                                                  • Instruction Fuzzy Hash: 9D21C1B1409380AFE7228B24DC85F62BFB8EF46714F0984DBF9849F193C264A919C771

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 111 126a933-126a9b9 115 126a9fd-126aa02 111->115 116 126a9bb-126a9db WriteFile 111->116 115->116 119 126aa04-126aa09 116->119 120 126a9dd-126a9fa 116->120 119->120
                                                                  APIs
                                                                  • WriteFile.KERNELBASE(?,00000E24,09E0F058,00000000,00000000,00000000,00000000), ref: 0126A9C1
                                                                  Memory Dump Source
                                                                  • Source File: 0000001C.00000002.4150029974.000000000126A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0126A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_28_2_126a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: FileWrite
                                                                  • String ID:
                                                                  • API String ID: 3934441357-0
                                                                  • Opcode ID: 78db345a10f489ebf3ed82bc1078ea188b0583d07bb63ee260322a1c37aaa761
                                                                  • Instruction ID: 3faa5f5e1f922cf302eb3e799abeaf1c53912be256aa0b6b21a507f80253077d
                                                                  • Opcode Fuzzy Hash: 78db345a10f489ebf3ed82bc1078ea188b0583d07bb63ee260322a1c37aaa761
                                                                  • Instruction Fuzzy Hash: 3B21B271409380AFDB22CF25DC45F96BFF8EF06714F08849BEA859F192C265A548CB71

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 123 126a5fe-126a656 126 126a65b-126a667 123->126 127 126a658 123->127 128 126a66c-126a675 126->128 129 126a669 126->129 127->126 130 126a6c6-126a6cb 128->130 131 126a677-126a67f CreateFileW 128->131 129->128 130->131 133 126a685-126a69b 131->133 134 126a6cd-126a6d2 133->134 135 126a69d-126a6c3 133->135 134->135
                                                                  APIs
                                                                  • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0126A67D
                                                                  Memory Dump Source
                                                                  • Source File: 0000001C.00000002.4150029974.000000000126A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0126A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_28_2_126a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: CreateFile
                                                                  • String ID:
                                                                  • API String ID: 823142352-0
                                                                  • Opcode ID: 72b002585b85be7b236d91bfbee551825c00e0af437acc9229074d160c83be86
                                                                  • Instruction ID: 095a709cee47ecc33090319d26da80bce8476398b95ebd2a702281462bab2068
                                                                  • Opcode Fuzzy Hash: 72b002585b85be7b236d91bfbee551825c00e0af437acc9229074d160c83be86
                                                                  • Instruction Fuzzy Hash: 9B21C4B1510200AFEB21CF25DD85F66FBECEF04314F04845AEA859B291D775E844CB71

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 138 126a78f-126a80d 142 126a842-126a847 138->142 143 126a80f-126a822 GetFileType 138->143 142->143 144 126a824-126a841 143->144 145 126a849-126a84e 143->145 145->144
                                                                  APIs
                                                                  • GetFileType.KERNELBASE(?,00000E24,09E0F058,00000000,00000000,00000000,00000000), ref: 0126A815
                                                                  Memory Dump Source
                                                                  • Source File: 0000001C.00000002.4150029974.000000000126A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0126A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_28_2_126a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: FileType
                                                                  • String ID:
                                                                  • API String ID: 3081899298-0
                                                                  • Opcode ID: 7a5859f80bc99392a78fbb2328a9937065bff89ff7db1515e2069ddbbc2b9f24
                                                                  • Instruction ID: 39d150c8b78eadc288a085a4ae68533bafd30476dfbc9f1f819fa27511886ee7
                                                                  • Opcode Fuzzy Hash: 7a5859f80bc99392a78fbb2328a9937065bff89ff7db1515e2069ddbbc2b9f24
                                                                  • Instruction Fuzzy Hash: 7821D8B54083806FE7128B21DC45BA2BFFCDF46714F0880D7F9859B193D268A909C775

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 149 126aa0b-126aa6a 151 126aa6f-126aa75 149->151 152 126aa6c 149->152 153 126aa77 151->153 154 126aa7a-126aa83 151->154 152->151 153->154 155 126aac4-126aac9 154->155 156 126aa85-126aaa5 CreateDirectoryW 154->156 155->156 159 126aaa7-126aac3 156->159 160 126aacb-126aad0 156->160 160->159
                                                                  APIs
                                                                  • CreateDirectoryW.KERNELBASE(?,?), ref: 0126AA8B
                                                                  Memory Dump Source
                                                                  • Source File: 0000001C.00000002.4150029974.000000000126A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0126A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_28_2_126a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: CreateDirectory
                                                                  • String ID:
                                                                  • API String ID: 4241100979-0
                                                                  • Opcode ID: 62149c3142dd5d1cf7c06fa15b5ca9d7ed4a4f7289908402118301226a9df527
                                                                  • Instruction ID: e7c3a4df3b46f30ad844204bf3979c36ea749cd30104f334706bcc474bff94a3
                                                                  • Opcode Fuzzy Hash: 62149c3142dd5d1cf7c06fa15b5ca9d7ed4a4f7289908402118301226a9df527
                                                                  • Instruction Fuzzy Hash: EE21B0715083C09FEB12CB29DC55B96BFE8AF06314F0D84EAE984DF193D225D949CB61

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 162 126a392-126a3cf 164 126a3d4-126a3dd 162->164 165 126a3d1 162->165 166 126a3e2-126a3e8 164->166 167 126a3df 164->167 165->164 168 126a3ed-126a404 166->168 169 126a3ea 166->169 167->166 171 126a406-126a419 RegQueryValueExW 168->171 172 126a43b-126a440 168->172 169->168 173 126a442-126a447 171->173 174 126a41b-126a438 171->174 172->171 173->174
                                                                  APIs
                                                                  • RegQueryValueExW.KERNELBASE(?,00000E24,09E0F058,00000000,00000000,00000000,00000000), ref: 0126A40C
                                                                  Memory Dump Source
                                                                  • Source File: 0000001C.00000002.4150029974.000000000126A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0126A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_28_2_126a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: QueryValue
                                                                  • String ID:
                                                                  • API String ID: 3660427363-0
                                                                  • Opcode ID: bd063ff043567fd80c42fc161431ebfa42662c990761dc33321797ab325b149e
                                                                  • Instruction ID: 4cb9e60ad1382fd3c8a321cd8f7a0d29b1dec7428255159d4168c5941dc18ce7
                                                                  • Opcode Fuzzy Hash: bd063ff043567fd80c42fc161431ebfa42662c990761dc33321797ab325b149e
                                                                  • Instruction Fuzzy Hash: 7C21D5B1110600AFE720CF15DC85F67F7ECEF04710F04845AEA46DB291D7A4E848CA71

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 178 126a962-126a9b9 181 126a9fd-126aa02 178->181 182 126a9bb-126a9c3 WriteFile 178->182 181->182 184 126a9c9-126a9db 182->184 185 126aa04-126aa09 184->185 186 126a9dd-126a9fa 184->186 185->186
                                                                  APIs
                                                                  • WriteFile.KERNELBASE(?,00000E24,09E0F058,00000000,00000000,00000000,00000000), ref: 0126A9C1
                                                                  Memory Dump Source
                                                                  • Source File: 0000001C.00000002.4150029974.000000000126A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0126A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_28_2_126a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: FileWrite
                                                                  • String ID:
                                                                  • API String ID: 3934441357-0
                                                                  APIs
                                                                  • SetFilePointer.KERNELBASE(?,00000E24,09E0F058,00000000,00000000,00000000,00000000), ref: 0126A8DE
                                                                  Memory Dump Source
                                                                  • Source File: 0000001C.00000002.4150029974.000000000126A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0126A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_28_2_126a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: FilePointer
                                                                  • String ID:
                                                                  • API String ID: 973152223-0
                                                                  APIs
                                                                  • SetErrorMode.KERNELBASE(?), ref: 0126A30C
                                                                  Memory Dump Source
                                                                  • Source File: 0000001C.00000002.4150029974.000000000126A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0126A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_28_2_126a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: ErrorMode
                                                                  • String ID:
                                                                  • API String ID: 2340568224-0
                                                                  APIs
                                                                  • GetSystemInfo.KERNELBASE(?), ref: 0126B208
                                                                  Memory Dump Source
                                                                  • Source File: 0000001C.00000002.4150029974.000000000126A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0126A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_28_2_126a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: InfoSystem
                                                                  • String ID:
                                                                  • API String ID: 31276548-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000001C.00000002.4150029974.000000000126A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0126A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_28_2_126a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: CloseFind
                                                                  • String ID:
                                                                  • API String ID: 1863332320-0
                                                                  APIs
                                                                  • CreateDirectoryW.KERNELBASE(?,?), ref: 0126AA8B
                                                                  Memory Dump Source
                                                                  • Source File: 0000001C.00000002.4150029974.000000000126A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0126A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_28_2_126a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: CreateDirectory
                                                                  • String ID:
                                                                  • API String ID: 4241100979-0
                                                                  APIs
                                                                  • GetFileType.KERNELBASE(?,00000E24,09E0F058,00000000,00000000,00000000,00000000), ref: 0126A815
                                                                  Memory Dump Source
                                                                  • Source File: 0000001C.00000002.4150029974.000000000126A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0126A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_28_2_126a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: FileType
                                                                  • String ID:
                                                                  • API String ID: 3081899298-0
                                                                  APIs
                                                                  • CreatePipe.KERNELBASE(?,00000E24,?,?), ref: 0126AC36
                                                                  Memory Dump Source
                                                                  • Source File: 0000001C.00000002.4150029974.000000000126A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0126A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_28_2_126a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: CreatePipe
                                                                  • String ID:
                                                                  • API String ID: 2719314638-0
                                                                  APIs
                                                                  • FindNextFileW.KERNELBASE(?,00000E24,?,?), ref: 0126A1C2
                                                                  Memory Dump Source
                                                                  • Source File: 0000001C.00000002.4150029974.000000000126A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0126A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_28_2_126a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: FileFindNext
                                                                  • String ID:
                                                                  • API String ID: 2029273394-0
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 0000001C.00000002.4150029974.000000000126A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0126A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_28_2_126a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: CloseFind
                                                                  • String ID:
                                                                  • API String ID: 1863332320-0
                                                                  APIs
                                                                  • GetSystemInfo.KERNELBASE(?), ref: 0126B208
                                                                  Memory Dump Source
                                                                  • Source File: 0000001C.00000002.4150029974.000000000126A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0126A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_28_2_126a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: InfoSystem
                                                                  • String ID:
                                                                  • API String ID: 31276548-0
                                                                  APIs
                                                                  • SetErrorMode.KERNELBASE(?), ref: 0126A30C
                                                                  Memory Dump Source
                                                                  • Source File: 0000001C.00000002.4150029974.000000000126A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0126A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_28_2_126a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: ErrorMode
                                                                  • String ID:
                                                                  • API String ID: 2340568224-0
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 0000001C.00000002.4151810370.0000000005120000.00000040.00000800.00020000.00000000.sdmp, Offset: 05120000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_28_2_5120000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: \Oj
                                                                  • API String ID: 0-2889815623
                                                                  APIs
                                                                  • CloseHandle.KERNELBASE(?), ref: 0126A748
                                                                  Memory Dump Source
                                                                  • Source File: 0000001C.00000002.4150029974.000000000126A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0126A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_28_2_126a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: CloseHandle
                                                                  • String ID:
                                                                  • API String ID: 2962429428-0
                                                                  APIs
                                                                  • CloseHandle.KERNELBASE(?), ref: 0126A748
                                                                  Memory Dump Source
                                                                  • Source File: 0000001C.00000002.4150029974.000000000126A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0126A000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_28_2_126a000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID: CloseHandle
                                                                  • String ID:
                                                                  • API String ID: 2962429428-0
                                                                  Memory Dump Source
                                                                  • Source File: 0000001C.00000002.4150531055.00000000014D0000.00000040.00000020.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_28_2_14d0000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 3b02af57052af222ae1804698779d050ebe9dea7e1b320d7919d8971e90eec17
                                                                  • Instruction ID: e9f7c5d05b67fbffbda08a625d6f6bb1ab8fb5d657ec0667648219a80b238eb1
                                                                  • Opcode Fuzzy Hash: 3b02af57052af222ae1804698779d050ebe9dea7e1b320d7919d8971e90eec17
                                                                  • Instruction Fuzzy Hash: 6BF082B2945604AB9240DF19ED46856F7ECDF84921F04C52AEC088B300E276AA194AE2
                                                                  Memory Dump Source
                                                                  • Source File: 0000001C.00000002.4150531055.00000000014D0000.00000040.00000020.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_28_2_14d0000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: fb3b5c9b0067d326c22adced63587f0bdeaa514533658648f5f38763c75ad4a4
                                                                  • Instruction ID: a8ad5d6132f2625abd8e720edd451152a2785905387ee02d1ca0bebfdf4eb6b6
                                                                  • Opcode Fuzzy Hash: fb3b5c9b0067d326c22adced63587f0bdeaa514533658648f5f38763c75ad4a4
                                                                  • Instruction Fuzzy Hash: 15E0267A60A1000B9F40852DBC520B6B340DAC1231B38807FE84E8B201D526910ACBDA
                                                                  Memory Dump Source
                                                                  • Source File: 0000001C.00000002.4150531055.00000000014D0000.00000040.00000020.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_28_2_14d0000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a0e9ba60fd04ff5c195a64c1ce656583989f550dc2e9cc5797aa299e9062a218
                                                                  • Instruction ID: 90e1dba8057e5dcf30a6f4646bc6029a6cd1621812eb055bf5f42ecbbced084e
                                                                  • Opcode Fuzzy Hash: a0e9ba60fd04ff5c195a64c1ce656583989f550dc2e9cc5797aa299e9062a218
                                                                  • Instruction Fuzzy Hash: 43E092B66406009B9650CF0AEC42452F7D8EB84A31708C47FDD0D8B701D67AB918CAA5
                                                                  Memory Dump Source
                                                                  • Source File: 0000001C.00000002.4151810370.0000000005120000.00000040.00000800.00020000.00000000.sdmp, Offset: 05120000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_28_2_5120000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 96379d7e590c5f025dc88e336db63111e113aa493b686fe921c41ddb91982c80
                                                                  • Instruction ID: f7ed62cece312b4c86737609c307b2d261cd4e0371e5d428ccd4e64ccbc33497
                                                                  • Opcode Fuzzy Hash: 96379d7e590c5f025dc88e336db63111e113aa493b686fe921c41ddb91982c80
                                                                  • Instruction Fuzzy Hash: E2E0DF31F143245FCB48DBF998801DEBFE6EF85260B0245BAC008D7252EF358C4283A0
                                                                  Memory Dump Source
                                                                  • Source File: 0000001C.00000002.4151810370.0000000005120000.00000040.00000800.00020000.00000000.sdmp, Offset: 05120000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_28_2_5120000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 331a78ffab7b2892b8d44f7fff481291475b78c459e149005080f42999cb7143
                                                                  • Instruction ID: 63292045c4cc0f71af8c5b4adfce896972e938067a57b36b506760c571381083
                                                                  • Opcode Fuzzy Hash: 331a78ffab7b2892b8d44f7fff481291475b78c459e149005080f42999cb7143
                                                                  • Instruction Fuzzy Hash: 91D0C231F002181B8B48DBF8984419FBBEA9B84054B424079D008D3301EE359C4183A0
                                                                  Memory Dump Source
                                                                  • Source File: 0000001C.00000002.4151810370.0000000005120000.00000040.00000800.00020000.00000000.sdmp, Offset: 05120000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_28_2_5120000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b4f63c10f1303e4b731ee7ca9682e22b10f0226893506b9bcc2f2a07a290737a
                                                                  • Instruction ID: 31ceb4d21daff1a8edab21e7d33aa366ed63d676f048b2c496e2ba853fb0e1bd
                                                                  • Opcode Fuzzy Hash: b4f63c10f1303e4b731ee7ca9682e22b10f0226893506b9bcc2f2a07a290737a
                                                                  • Instruction Fuzzy Hash: 0DE0C2302543108FC7059774E55A5E837E1AB89315F06C1A188044F163D734CC82C742
                                                                  Memory Dump Source
                                                                  • Source File: 0000001C.00000002.4151810370.0000000005120000.00000040.00000800.00020000.00000000.sdmp, Offset: 05120000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_28_2_5120000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5933ec7adde47180814554f1b553890077e6dd092e28186e8bb24184da490e10
                                                                  • Instruction ID: 1c5bcefd7cdd7ed4ec965187edad43b95d55826a13601280fd7024db42b0051f
                                                                  • Opcode Fuzzy Hash: 5933ec7adde47180814554f1b553890077e6dd092e28186e8bb24184da490e10
                                                                  • Instruction Fuzzy Hash: 2CE0C2306483518FC705D734D4699A93BE2AFC9318F46C1A9C4088B167C778C8C1C740
                                                                  Memory Dump Source
                                                                  • Source File: 0000001C.00000002.4149987360.0000000001262000.00000040.00000800.00020000.00000000.sdmp, Offset: 01262000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_28_2_1262000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: df946c18779bcc0b997515d764dba7989da0a2be3c6184b794e48d43e1d18de7
                                                                  • Instruction ID: b0b0bb87f7e38b33a02964ddd0ac9b7c3b0a2bcee0831719424edca72098070d
                                                                  • Opcode Fuzzy Hash: df946c18779bcc0b997515d764dba7989da0a2be3c6184b794e48d43e1d18de7
                                                                  • Instruction Fuzzy Hash: 65D02EB92016928FE3128B1CC1A8BA63BE8EF41704F0A40F9E8008B7A3C72CD4C0C200
                                                                  Memory Dump Source
                                                                  • Source File: 0000001C.00000002.4149987360.0000000001262000.00000040.00000800.00020000.00000000.sdmp, Offset: 01262000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_28_2_1262000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b03a53fc46e8452d261fd1fdd5aeb14415544d5f06b25b4108c66397b4b8f95d
                                                                  • Instruction ID: 24cd540255b6ed703662c45a636753967ee2c0b583bfcec22b9eb3da926480db
                                                                  • Opcode Fuzzy Hash: b03a53fc46e8452d261fd1fdd5aeb14415544d5f06b25b4108c66397b4b8f95d
                                                                  • Instruction Fuzzy Hash: B7D05E742002828BD719DB1CC2D4F5937D8AB40714F1644E9BD108B6A2C7A8D8D0CA40
                                                                  Memory Dump Source
                                                                  • Source File: 0000001C.00000002.4151810370.0000000005120000.00000040.00000800.00020000.00000000.sdmp, Offset: 05120000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_28_2_5120000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: d4e42de3c8515756fe9edbd941da4599600d2c7000244702fc1982f68481fb29
                                                                  • Instruction ID: 00f9e685f838448ebf6563e992cbf0835f79c5e28221d4e6717988acb4302d80
                                                                  • Opcode Fuzzy Hash: d4e42de3c8515756fe9edbd941da4599600d2c7000244702fc1982f68481fb29
                                                                  • Instruction Fuzzy Hash: D7C012303043188BC704A768D55CA2977966BCC704F85C16484094B266CB70E890C640
                                                                  Memory Dump Source
                                                                  • Source File: 0000001C.00000002.4151810370.0000000005120000.00000040.00000800.00020000.00000000.sdmp, Offset: 05120000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_28_2_5120000_unarchiver.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0d2c9b7d30f3857ed75ea8c1d1ee88f45d7b63fec1829738a2eec6d0c7b10af2
                                                                  • Instruction ID: c473ba00546ba62b108c9d10a24d88756ab8f577e02bc917a222773d995c0308
                                                                  • Opcode Fuzzy Hash: 0d2c9b7d30f3857ed75ea8c1d1ee88f45d7b63fec1829738a2eec6d0c7b10af2
                                                                  • Instruction Fuzzy Hash: DBC012303043188BC704A768E55CA2973976BC8704F46C16484094B266CB70E8D0C680